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SECTION  1  Introduction 

LCFsmall  is  a  case  study.  It  was  designed  to  shed  light  on  several  aspects  of  current  research  ir  the 
mathematical  theory  of  computation  and  representation  theory  As  a  side  benefit  it  is  a  r-  fair> 
which  can  be  used  to  do  experiments  using  the  typed  Vcalculus  to  interpret  programming  >  jages. 
This  approach  was  first  discussed  by  D  Scott  in  1969  For  us  it  was  also  an  exercise  in  wr..  g  such 
a  system  without  the  aid  of  the  MLISP2  extendible  parser  (Smith  and  Enea  1973). 

LCFsmall  is  an  implementation  of  a  proof-checker  for  the  unadorned  logical  calculus.  LCF  itself 
augments  this  basic  logic  with  additional  rules  and  user  aids  in  an  attempt  to  make  the  actual 
checking  of  proofs  more  feasible.  These  include  the  simplification  rule,  a  facility  for  using  theorems, 
and  the  subgoal  structure.  LCFsmall  has  an  entirely  different  motivation.  First,  a  natural  question 
about  LCF  has  always  been  “but  who  checks  the  checker?",  le.  have  you  proved  that  LCF  is  correct ? 
This  task  is  simply  too  big  to  be  considered  given  our  present  capabilities  for  proving  the 
correctness  of  programs  LCF  uses  backtracking  and  is  about  35  pages  of  MLISP2  code  With  no 
extra  free  storage,  it  is  a  48K  (PDPIO  36  bit  word)  program  We  think  that  is  the  long  run  the 
reliability  (or  correctness  if  you  wish)  of  such  large  programs  needs  to  be  considered 

Several  things  happened  to  make  us  look  at  this  task  at  different  levels.  First  we  had  learned  a  lot 
about  constructing  proof  checkers  while  experimenting  with  LCF  and  a  new  cleaned  up  version  was 
envisioned  Secondly,  M.  Newey  1974  has  presented  an  LCF  axiomatization  of  LISP,  and  done 
several  extremely  large  proofs  This  led  us  to  consider  the  idea  of  writing  a  new  version  of  LCF 
entirely  in  LISP,  which  had  some  hope  of  being  proved  correct.  Moreover,  using  pure  LISP 
mcieases  its  portability  In  actual  fact  it  is  written  and  printed  here  in  MLISP2.  The  translation 
into  pure  LISP,  however,  is  straight  forward  and  we  felt  this  was  easier  to  read  A  copy  of  the  LISP 
code  can  be  gotten  by  writing  to  Richard  Weyhrauch 

In  c.der  that  a  proof  of  correctness  be  at  all  feasible  we  decided  only  to  include  those  rules  originally 
sugge'ted  by  D.  Scott  in  I960.  These  are  explained  in  detail  in  Milner  1972  and  Weyhrauch  and 
Milner  1972.  For  the  purpose  of  this  note  we  expect  familiarity  with  one  of  these  papers. 

Another  motivation  was  our  interest  in  seeing  just  how  straightforward  it  was  to  translate  the 
"metamathematical  description”  of  LCF  directly  into  code.  That  is  we  tried  to  write  the  program  in 
terms  of  the  notions  involved 

A  tvoical  metamathematical  description  of  a  logical  calculus  involves  some  general  inductive 
definitions  of  sentences  in  the  language,  together  with  a  description  of  the  rules  and  an  inductive 
definition  of  derivations  These  definitions  suggest  code  directly,  A  reasonable  question  is-  is  this 
"code"  usable  ana  does  it  do  the  job,  i.e.  is  it  correct?  The  problem  of  changing  inductive 
definitions  (i.e  most  frequently  context  free  grammars  of  one  sort  or  another)  into  parsers  has  been 
discussed  a  lot  We  do  not  go  into  it  here.  One  result  of  this  work,  however,  was  the  recognition  for 
a  kind  of  control  structure  which  we  would  have  found  very  helpful.  It  is  related  to  the  notion  of 
updaters  for  data  structures  (see  Hoare  1973). 

Consider  the  following  description  of  substitution  of  a  term  t  for  a  variable  v,  in  an  expression  •. 
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subst( t,v,o)  s  IF  isfreefori t,v,e)  THEN  rep!ace(t,v,e)  ELSE  e 

isfrcefor{ t,v,«)  «  IF  atomic (e)  THEN  tine 
ELSE  IF  isquantwff(%) 

THEN  IF  bourulvarof{*)*v  THEN  true 

ELSE  IF  bounilvarof(t)ifreevarof(\)^occursfreein(v,e)  THEN/a/ic 
ELSE  Vx(PART(«)ii/r/’f/orO,v,x) 

ELSE  VxtPART (o)isfreefor(\,v,x) 

occur sf reel n(v,«)  a  IF  v=e  THEN  true 

ELSE  IF  atomic(e)  THEN  Ja/se 

ELSE  IF  isquantwff<*Wboundvarof{»)*v  THEN  false 

ELSE  3x(PARTS (*).occursfreein('*,x) 

replaced,*, •)  *  IF  v««  THEN  t 

ELSE  IF  atomic^)  THEN  • 

ELSE  REBUILD  e  USING  replace (t,v,x)  FOR  x(PARTS(«) 


This  code  is  almost  a  direct  translation  of  the  first  order  description  of  the  notions  involved. 
However,  there  appear  constructs  which  are  not  generally  available  in  existing  programm  ng 
languages  and  are  not  impleinentable  simply  or  efficiently  by  a  macro  facility 

Consider  for  example  the  following  four  constructs: 

Vx(AB[x] 

3x(A3[x] 

PARTS(e) 

REBUILD  e  USING  F(x)  FOR  x<PARTS(«) 

Each  of  them  represents  a  kind  of  mapping  function  on  different  data  structures. 

Vx«A.B[x] 

is  interpreted  as  if  A  is  a  "set"  then  for  each  element  of  A,  bind  it  to  x  and  evaluate  B  When  you 
are  finished  return  the  value  of  the  conjunction  of  the  results.  In  MLISP2  this  function  can  be 
realized  by 


FOR  NEW  X  IN  A  DO  :AND  B(X] 

but  we  do  not  use  this  construct  in  the  coJe  below  as  its  translation  into  LISP  is  not  imr  ediate. 
3x<AB[x] 

is  the  same  as  above  replacing  disjunction  for  conjunction. 

The  other  two  constructs  are  more  difficult  as  they  require  a  new  look  at  the  definition  of  data 
structures.  For  PARTS(«),  the  program  must  be  able  to  d':ide  what  kind  of  thing  e  is.  and  how  to 
canonically  take  it  apart  In  our  example  REBUILD  retuMS  the  homomorphic  image  of  •  with  respect 
to  r«plac«  and  the  basic  constructors  of  •.  This  type  of  updating  uata  structures  is  considered  in 
Hoare  1973 
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The  above  examples  show  that  the  direct  translation  of  metamathematics  into  code  requires 
programming  language  features  not  yet  generally  available,  and  show  that  these  features  arise 
naturally  in  applications  These  examples  of  course  do  not  use  assignment  statements  to  "remember" 
certain  facts  and  possibly  are  computed  several  times,  making  this  code  inefficient.  We  do  not 
believe,  however,  that  it  is  too  bad  This  kind  of  redundant  computation  can  be  detected  by  a 
compiler 

The  code  below  is  a  compromise  using  only  those  features  available  in  pure  LISP,  rather  than 
defining  these  constructs  in  LISP  and  then  writing  code  in  terms  of  them 

In  all  cases  the  code  has  been  written  abstract  syntactically  acd  the  actual  data  structures  are  not 
mentioned.  The  ones  we  have  chosen  are  found  in  appendix  7. 
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SECTION  2  Description  of  LCFsmall 

In  this  section  we  describe  LCFsmall  and  compare  it  with  LC.F  as  described  in  Milnei  1972  In 
LCFsmall  no  restriction  has  been  imposed  on  the  logic,  all  the  inference  rules  described  in  Milner 
1972,  section  2  are  included  in  it  On  the  contrary,  icstrictions  have  been  imposed  on  the 
commands  LCFsmall  has  none  of  the  facilities  included  in  LCF  to  help  the  user  in  making  proofs. 
It  has  no  subgoaling  mechanism,  no  simplifications  facilities,  no  possibility  of  declaring  axioms  and 
using  theorems  Steps  of  the  proofs  cannot  be  labeled,  so  the  only  way  of  referencing  them  is  by 
their  stepnumber  Proofs  can  only  be  carried  out  by  a  forward  deduction  without  any  abbreviation 
In  addition,  restrictions  have  been  imposed  on  the  syntax  of  terms.  In  LCFsmall  parentheses  can 
never  be  omitted. 

LCF  has  no  CASES  and  INDUCT  commands,  because  the  corresponding  subgoaling  tactics  are 
more  useful  in  making  proofs  We  have  included  these  commands  in  LCFsmall  since  it  has  no 
subgoaling  mechanism  Moreover,  LCFsmall  has  a  ALPHACONV  command  absent  in  LCF.  It  is 
used  for  changing  names  to  bound  variables.  This  command  is  not  included  in  LCF,  since  it 
automatically  renames  conflicting  variables. 


Section  2.1  Inference  commands 

In  the  description  of  commands,  as  well  as  in  the  code  ci ’vented  in  the  appendices,  the  following 
metavariables  will  be  used 

L,  LI ,  L2  denote  stepnumbers, 

N,  Nl ,  N2.  denote  nonnegative  integers, 

V,  VI,  V2.  denote  identifiers, 

TRM,  TRM1  denote  terms. 

AWF,  AWFI  .  denote  atomic  well  formed  formulas  (awff), 

WF,  WFI  ..  denote  well  formed  formulas  (wff), 

To  facilitate  the  comparison  with  LCF,  commands  are  listed  in  the  same  order  as  in  Milner  1972.  As 
a  general  remark,  note  that  commas  are  never  used  as  delimiters  in  LCFsmall,  blanks  are  used 
instead 

Without  worrying  about  the  data  'tructure  (it  will  be  described  in  3.6)  we  note  that  a  LCF  proof  is  a 
sequence  of  steps.  Each  of  them  is  generated  by  one  of  the  following  commands  and  it  consists  of  a 
stepnumber,  a  wff  (possibly  consisting  of  only  one  awff),  the  list  of  stepnumbers  it  depends  upon, 
and  the  reason,  le  the  command  by  which  it  has  bt*n  obtained. 

ASSUME  AWF, 

generates  a  new  step  in  the  proof  The  AWF  is  added  to  "he  proof  as  a  new  step  depending 
on  itself. 
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INCL  LI  N; 

generates  a  new  step  whose  awff  is  the  N-th  awff  in  the  step  LI,  and  whose  dependencies  are 
the  same  as  LI 

CONJ  LI  L2; 

the  wffs  in  LI  and  L2  are  unioned  and  put  in  a  new  step  whose  dependencies  are  the  union 
of  those  of  LI  and  L2 

CUT  LI  L2; 

if  LI  and  L2  are  steps  in  the  proof  and  if  each  awff  appearing  in  the  dependencies  of  L2 
appear  in  LI,  then  a  new  step  is  generated.  Its  dependencies  are  those  of  LI  and  its  wff  is 
that  of  L2, 

HALF  LI; 

If  the  first  awff  in  LI  contains  the  "5"  symbol,  then  a  new  step  is  generated  Its  awff  is 
obtained  from  the  first  awff  of  LI  replacing  by  The  dependencies  of  the  new  step 
are  those  of  LI 

SYM  LI; 

This  command  is  similar  to  the  previous  one.  In  this  case  the  two  terms  of  the  first  awff  in 
LI  are  interchanged. 

TRANS  LI  L2; 

If  the  first  awff  in  LI  is  of  the  form  TRMUTRM2  and  the  first  awff  in  L2  has  the  form 
TRM2?TRM3,  a  new  step  is  generated.  Its  awff  is  TRMUTRM3  and  its  dependencies  are  the 
union  of  those  of  LI  and  L2.  If  in  one  (or  both)  cf  the  above  awffs  the  symbol  ”cM  appears, 
then  ”c"  will  appear  in  the  new  step. 

APPL  LI  TPM, 

APPL  TRM  LI, 

In  the  first  case,  both  sides  of  the  first  awff  of  LI  are  applied  to  TRM.  In  the  second  case  TRM 
is  applied  to  both  sides  of  the  first  awff  of  LI.  The  dependencies  of  the  new  step  are  those  of 
LI 

ABSTR  LI  V, 

If  V  is  an  identifier  not  occurring  free  in  the  dependencies  of  LI,  then  a  X-abstraction  is  done 
on  both  terms  of  the  first  awff  of  LI.  The  dependencies  of  the  new  step  are  those  of  L ! . 


CASES  Li  L2  L3  TRM; 
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Given  3  stepnumbers  LI,  L2  and  L3  with  the  same  wff,  if  one  of  the  dependencies  of  LI  is 
TRM^TT,  one  of  the  dependencies  of  L2  is  TRMiUU  and  one  of  the  dependencies  of  L3  is 

TRM=FF,  then  a  new  step  is  generated.  Its  wff  is  that  of  LI  and  its  dependencies  are  those  of 

LI,  L2  and  L3  after  having  removed  the  three  above  dependencies  regarding  TRM. 

INDUCT  LI  L2  L3  L4  VI; 

Given  four  stepnumbers  LI,  L2,  L3  and  L4.  if  the  first  awff  of  LI  is  a  f ix point  definition,  i  e 
if  it  has  the  form  FIX5[o<:G.FUN(G)],  if  the  wff  of  L2  is  obtained  replacing  UU  for  VI  in  the  wff 
of  L3,  if  the  wff  of  L4  is  obtained  replacing  FUN(VI)  for  VI  in  .he  wff  of  L3,  and  moreover, 
L3  appears  in  the  dependences  of  L4,  then  a  new  step  is  generated.  Its  wff  is  obtained 
replacing  FIX  for  VI  in  the  wff  of  L3.  The  command  fails  if  one  of  the  above  conditions  is 

not  met  or  if  there  is  some  variable  conflict  in  one  of  the  substitutions.  The  dependencies  of 

the  new  step  are  the  union  of  those  of  LI,  L2,  L3  and  L4,  minus  L3. 


CON V  LI; 

CON  V  TRM, 

The  conversion  command  has  two  forms  in  the  first  one  it  takes  a  stepruimber  LI  as 
argument  In  this  case,  both  terms  of  the  first  awff  of  LI  are  converted  and  the  resulting  awff 
becomes  a  new  step  in  (he  proof  Its  dependencies  are  those  of  LI.  If  the  argument  of  C.ONV 
is  a  term  TRM  a  new  step  without  dependencies  is  generated.  Its  awff  is  TRM=CONVT(TRM). 
CONVT  is  a  function  whkh  converts  terms.  Its  definition  is  given  in  appendix  6.3. 
LCFsmall  has  no  automatic  mechanism  for  changing  the  names  of  conflicting  bound 
variables.  If  there  is  some  variable  conflict,  X-con  versions  aren't  performed  So  the  term 
[Xy  [Xx.y (x)]](x)  is  no'  converted  in  LCFsmall,  while  it  is  converted  to  [Xxl.x(xl)]  in  LCF. 

ETACONV  TRM. 

TRM  is  etaconverted  Suppose  TRM  has  the  form  [Xx.F(x»  with  x  not  free  in  F,  then  a  new  step 
is  generated,  without  dependencies,  whose  awff  is  [Xx.F {x>]=F. 

ALPHACONV  LI  VI  V2; 

ALPHACONV  TRM  VI  V2; 

If  the  first  argumem  of  ALPHACONV  is  a  stepnumber  LI,  then  VI  replaces  V2  in  its  first 
bound  occurrence  in  the  first  awff  of  LI.  The  resulting  awff  is  put  in  a  new  step  whose 
dependence  are  those  of  LI.  If  the  first  argument  is  a  term,  then  a  new  step  is  generated, 
without  dependencies  Its  awff  is  TRM'TRMl ,  where  TRM1  is  obtained  from  TRM  by  replacing 
VI  for  V2  in  its  first  bound  occurrence 

EQUIV  LI  L2; 

Given  two  step  numbers  LI  and  L2  if  the  first  awff  of  LI  has  the  form  TRMlcTRM2  and  the 
first  awff  of  L2  nas  the  form  TRM2cTRMl,  then  a  new  step  is  generated.  Its  awff  is 
TRM1*TRM2  and  its  dependencies  are  the  union  of  those  of  LI  and  L2. 
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REFL1  TRM, 

REFL2  TRM; 

The  first  command  generates  a  new  step  whose  awff  is  TRM=TRM,  without  any  dependency. 
The  awff  generated  by  the  second  command  i<  TRMcTRM. 

MINI  TRM; 

MIN2  TRM 

In  the  first  case  a  new  step  is  generated,  without  dependencies,  whose  awff  is  UUcTRM.  In  the 
second  case  the  awff  is  UU(TRM)«UU. 

CONDT  TRM; 

If  TRM  has  the  form  TT-*TRM1,TRM2  then  CONDT  generates  a  new  step  whose  awff  Is 
TRM=TRM1  with  no  dependency. 

CONDF  TRM. 

If  TRM  has  the  form  FF-*TRM1,TRM2  then  CONDF  generates  a  new  step  whose  awff  is 
TRM*TRM2  with  no  dependency 

CON  DU  TRM; 

If  TRM  has  the  form  UU-*TRM1,TRM2  then  CONDU  generates  a  new  step  whose  awff  is 
TRM=UU  with  no  dependency 

F1XP  LI; 

If  the  first  awff  in  LI  is  a  fixpomt  definition,  i.e.  if  it  is  of  the  form  FIX*[ocG.FUN(G)],  and  if 
FIX  may  be  substituted  for  G  in  FUN(G)  without  variable  conflicts,  then  a  new  step  is 
generated  Its  awff  is  FIX=FUN(F1X)  and  its  dependencies  are  those  of  LI. 

SUBST  LI  OCC  N  IN  L2, 

SUBST  LI  OCC  N  IN  TRM; 

SUBST  has  two  forms  In  the  first  one,  if  the  first  awff  of  LI  is  TRM1*TRM2.  then  TRM2  is 
replaced  for  the  N  th  free  occurrence  of  TRM1  in  the  firt  awff  of  L2.  The  resulting  awff  is  put 
in  a  new  step,  whose  dependencies  are  the  union  of  those  of  LI  and  L2. 

In  the  second  form  the  command  SUBST  operates  on  a  TRM.  If  the  above  hypotheses  hold 
for  LI,  a  new  step  is  generated.  Its  dependencies  are  those  of  LI  and  its  awff  is 
TRMiSU BSTTT(TRM1  ,TRM2,TRM,N).  The  function  SUBSTTT,  defined  in  append'x  6.3, 
substitutes  TRM2  for  the  N-th  free  occurrence  of  TRM1  in  TRM. 
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Section  2.2  Auxiliary  commands 

Besides  the  commands  for  carrying  out  deductions,  LCFsmall  has  the  following  commands 
SHOW  LINE  LI; 

SHOW  LINE  LI  L2; 

In  the  first  case  the  step  LI  is  printed.  In  the  second  case  all  the  steps  between  LI  and  L2  are 
printed 

FETCH  FILENAME , 

All  the  LCFsmall  commands  contained  in  the  file  FILENAME  are  executed  Each  command 
is  treated  exactly  as  if  typed  at  tne  console.  So  the  user  may  prepare  all  the  commands  on  a 
file  and  then  generate  a  proof  by  fetching  this  file. 

CANCEL, 

CANCEL  LI; 

In  the  first  case  the  last  step  in  the  proof  is  deleted.  In  the  second  case  all  the  steps  from  the 
last  one  to  LI  (included)  are  deleted.  If  LI  is  less  or  equal  to  one,  the  entire  proof  is  cancelled. 


Section  2.3  Messages  from  LCFsmall 

The  following  list  includes  all  the  messages  printed  by  LCFsmall: 

SYNTAX  ERROR,  TRY  AGAIN 
This  is  printed  whenevei  a  command  is  improperly  typed. 


NASTY  COMMAND 


This  error  message  is  printed  by  any  command  whenever  it  cannot  be  executed  because  some 
condition  isn't  satisfied.  For  instance,  if  you  are  trying  to  FIXP  a  nonexisting  step  or  a  step  whose 
first  awff  is  not  a  ftxpuint  definition  you  will  get  NASTY  FIXP 


THE  LAST  LINE  IN  THE  PROOF  IS  N 
YOU  HAVE  DEMOLISHED  YOUR  PROOF 
One  of  the  above  sentences  is  the  answer  of  the  system  after  executing  a  cancel  command. 


You  may  also  obtain  something  like 
3246  ILL  MEM  REF  FROM  ATOM 
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if  you  have  messed  up  something  with  LISP'  However  this  shoudn’t  happen. 


Section  2.4  How  to  use  LCFsmall 

If  you  want  to  prove  something  use  LCF:  Anyway,  if  you  really  want  to  use  LCFsmall  type 
R  LCFSML 

you  are  at  LISP  level  and  you  will  get  a  star  If  you  type 
(IN  IT) 

you  ’ll  get  some  stars  and  then  you  are  ready  to  prov-  To  sto'  a  proof  type 

I 

You'll  receiv.-  the  message  END  OF  PROOF  Now  you  are  again  at  LISP  level  Typing 
(RESUME) 

will  make  you  to  go  on  with  the  old  proof  If  you  want  to  start  a  new  proof,  type 
(I  N  IT) 

Your  core  image  may  be  saved  for  later  use  by  the  comrrand 
TC 

SAVE  FILENAME 


Section  2.5  Examples  of  proofs 


Two  sample  LCFsmall  proofs  are  given  here  They  concerns  the  CASE  and 
The  corresponding  LCF  proofs  are  very  different.  In  fact,  they  are  done 
mechanism 


INDUCT  commands, 
using  the  subgoaling 


The  first  statement  we  have  proved  is  the  following  property  of  conditional  expressions: 


(P  (X )— *(P  (X )— *C  1  ,C2),(P(X)-*CI  ,C2))=(P(X)-*C1  ,C2) 

All  the  commands  have  been  typed  in  the  file  TSTCS  They  are 


CONDT  (TT-*(P(X)-*CI  ,C2),(P(X)-*C1,C2)); 
CONDU  (UU— * (P(X )— *C  I  ,C2  ),(P(X)— *C  1  ,C2)); 
CONDU  (UU— *C  I  ,C2); 

CONDF  (FF-*(P(X)-»C1,C2),(P(X)-*CI  ,C2)>; 
SYM  3; 

SUBST  5  OCC  2  IN  2; 
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ASSUME  P(X)-TT; 

ASSUME  P (X )s UU; 

ASSUME  P(X)*FF; 

SYM  7; 

SYM  8; 

SYM  9; 

SUBST  10  OCC  1  IN  1; 

SUBST  1 1  OCC  1  IN  6; 

SUBST  1  1  OCC  1  IN  14; 

SUBST  12  OCC  1  IN  4; 

CASES  13  15  16  P(X); 

The  file  is  then  fetched  and  the  proof  is  done  Th«  printout  of  LCFsmall  is 

R  LCFSML 
(INIT) 

FETCH  TSTCS; 


**♦*1  (TT-»(P(X)-»C!  tC2),(P(X)-»Cl  ,C2))5(P(X)-*C1,C2) 

***♦2  (UU-+(P(X)-»C1,C2)  (P(X)-*C1,C2))=UU 

****3  (UU-*C1  ,C2)^UU 

****4  (FF-»(P(X)-»C1 1C2),(P(X)-»C1,C2))*(P(X)-*CIIC2) 

**»*5  UUMUU-*C1,C2) 

**»*6  (UU— *(P(X )— *C  1  ,C2),(P(X)— »C1  ,C2))s(UU— »C  l  ,C2) 

»***7  P(X)-.TT  (7) 

♦  ***8  P(X)^UU  (8) 

♦***9  P(X)  =  FF  (9) 

****10  TTiP(X)  (7) 

****11  UUnP(X)  (8) 

****12  FF*P(X)  (9) 

****13  (P(X)-*(P(X)-»C1  ,C2),(P(X)-*ClIC2))s(P(X)-*Cl ,C2)  (7) 

****14  (P(X )— *(P(X )— *C  1  ,C2),(P(X)— *C1  ,C2))*(UU— »C  1  ,C2)  (8) 

****15  (P(X)-*(P(X)-»C1,C2),(P(X)-*C1,C2))*(P(XHCI1C2)  (8) 

****16  (P(XH(P(X)-»Cl,C2),(P(XHCl1C2))i(P(X)-*Cl1C2)  (9) 

****17  (P(X)-+(P(X)-*C1  <C2),(P(X)-»C1,C2))*(P(XHC1,C2) 

**** 

*****$ 

END  OF  PROOF 

NIL 

*TC 

TC 


The  next  example  is  taken  from  Milner  1972,  section  3  1.  The  statement  to  be  proved  is: 

FcG  ASSUME  F=[*F  FUN(F)],  GTUN(G). 

The  commands,  typed  in  the  file  TSTIND  are; 

ASSUME  F«[ocF  FUN(F)]; 

ASSUME  GsFUN(G); 

ASSUME  FlcG; 
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MIN!  G; 

APPL  FUN  3;  \ 

SYM  2; 

SUBST  6  OCC  1  IN  5; 

INDUCT  I  4  3  7  FI; 

The  printout  of  LCFsmall  is 


R  LCFSML 

(INIT) 

FETCH  TSTIND; 

F*-[<*F  FUN(F)] 

#***2 

G=FUN(G)  (2) 

****3 

FIcG  (3) 

****4 

UUcG 

##*#E 

FUN(FI)cFUN(G) 

****6 

FUN(G)*G  (2) 

****7 

FUN(Fl)cG  (2 

FcG  (1  2) 

**** 

*****$ 

END  OF  PROOF 

NIL 

*tc 

TC 


) 

(3) 


The  length  of  the  two  above  LCFsmall  proofs  is  comparable  with  that  of  their  corresponding  LCF 
proofs  However,  as  soon  as  the  proof  becomes  more  complex  and  a  considerable  amount  of 
substitutions  and  conversions  hav<?  to  be  done,  the  subgoaling  mechanism  and  -more  important-  the 
simplification  algorithm  of  LCF  become  vital. 
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SECTION  3  Description  of  the  program 

The  MLISP2  program  for  LCFsmall  is  completely  listed  in  the  appendices  I  through  7  In  the 
following  sections,  the  various  components  of  the  program  are  described  They  are 

1)  parser 

2)  top  level  driver 

3)  printing  routines 

4)  commands 

5)  auxiliary  funct’ons 

6)  functions  manipulating  the  data  structure 


Section  3.1  The  Parser 


3.1  1  Scanning  primitives 

This  code  implements  a  backupable  scanner  It  uses  an  array,  TSTACK,  to  store  "tokens”  as  they 
are  scanned.  Actually  the  scanner  returns  both  a  type  and  a  value,  where  “value"  is  the  atom 
scanned  and  “type"  is: 

IDENT  if  the  value  is  an  identifier 
NUMBER  if  the  value  is  a  number 
DEL  if  the  value  is  a  delimiter 

Two  global  variab,os  are  used  to  keep  track  of  what  token  we  are  looking  at  in  the  input  stream. 
They  are  PC  and  ENDSTACK  PC  points  into  TSTACK  at  the  place  the  LCFsmall  scanner  is 
looking  ENDSTACK  is  the  last  location  in  TSTACK  that  has  been  filled  from  the  current  input. 
TSTACK  is  necessary  becausp  scan  destroys  the  input  stream,  and  the  LCFsmall  parser,  being  top 
down,  needs  to  back  up  over  the  input  The  main  accessing  routine  for  TSTACK.  is  the  function 
tstack  which  calls  scan  if  not  enough  tokens  have  been  read. 

scant):  returns  a  pair  consisting  of  the  token  scanned  and  its  type. 

setupt):  sets  PC=0  and  ENDSTACK--0  and  declares  the  array  TSTACK 

token:  simply  advances  the  LCFsmall  scanner 

tokenvt):  advances  the  scanner  and  returns  the  value  of  the  new  thing  poin^d  to. 
tokentt):  advances  the  scanner  and  returns  the  type  of  the  new  thing  pointed  to. 
tstack(n):  finds  the  n-th  element  of  TSTACK,  if  its  not  ihere  it  calls  scan  until  it  is 
peekv(n):  returns  the  n-th  token  ahead  of  PC. 
p««kt(n):  returns  the  type  of  the  n-th  token  ahead  of  PC. 
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flusM):  starts  thp  LCFsmall  scanner  over  by  setting  PC=0  and  ENDSTACK=0 

nextv(x):  remrns  T  if  the  value  of  the  next  token  is  x,  NIL  otherwise 

nexM(x):  returns  T  if  the  type  of  the  next  token  is  x,  NIL  otherwise 

The  function  scan  was  not  written  with  efficiency  in  mind.  It  uses  ordinary  LISP  functions  whose 
properties  we  know  about  This  is  because  we  hope  someday  to  prove  the  correctness  of  this 
program.  Note  that  the  only  functions  not  define  <e  in  pure  LISP  are  READLIST,  ASCII,  TYI, 
and  TSTACK.  Arrays  could  easily  be  eliminated  in  f-vor  of  lists.  The  array  TYPE  stores  the  type 
of  a  character,  0  for  letters,  I  for  digits,  2  for  delimiters,  3  for  characters  to  be  ignored  when 
budding  tokens  (like  form  feeds).  The  special  global  variables  can  be  eliminated  from  the  code  in 
favor  of  [jure  LISP  iri  the  standaid  way 


3.1  2  The  wff  parser 

Rather  than  describing  everything  in  detail  we  will  explain  the  parser  by  explaining  some  examples. 
Consider 

EXPR  TERMO; 

BEGIN  NEW  START, REP,X,Y;START-PC; 

IF  X-SIMPLTERMO  THEN  REP-X  ELSE  RETURN  NIL; 

A;  IfVpARIWY-TERMOJaRPARO  THEN  REP-(’?!APPLY  CONS  REP  CONS  Y)  ALSO  GO  A; 

PC-START; 

RETURN(REP);END; 

The  local  variable  START  is  to  remember  where  the  global  variable  PC  was  pointing  when  the 
function  was  entered,  i.e.  START-PC  The  convention  for  a  parsing  function  is  that  either  it  exits 
successfully  with  a  non  NIL  value  and  leaves  PC  pointing  to  the  next  token  to  be  looked  at  or  it 
returns  NIL  and  leaves  the  value  of  PC  as  it  was  when  the  function  was  entered.  The  code 

IF  X-SIMPLTERMO  THEN  REP-X  ELSE  RETURN  NIL; 

checks  if  a  SIMPLTERM  is  scanned.  In  this  case  REP  gets  it  as  a  value.  If  not  (by  our  convention) 
SIMPLTERM  returns  NIL,  and  PC  is  left  as  it  was,  so  TERM  returns  NIL  and  PC  remains  unchanged 
If  we  have  found  a  SIMPLTERM,  TERM  has  succeeded  and  we  enter  a  loop,  update  the  place  in  the 
input  stream  we  backup  to  when  we  exit  TERM  and  look  for  repetitions  of  a  left  parenthesis  (LPAR), 
followed  by  e  TERM,  followed  by  a  light  parenthesis  (RPAR). 

A;  START-PC; 

IF  LPAR()a(Y-TERM())aRPAR()  THEN  REP-('?IAPPLY  CONS  REP  CONS  Y)  ALSO  GO  A; 

After  each  successful  repetition  REP  gets  the  internal  representation  of  an  application  term,  i.e 
F(x)-*(APPLYI  F  x ).  When  the  loop  test  eventually  fails  we  restore  PC  and  return  the  term  stored  in 

REP 


Section  3.2  Top  level  driver 
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LCFsmall  is  started  by  the  IN  IT  function.  This  and  the  other  top  level  functions  are  listed  in 
appendix  2  INIT  spts  the  base  for  numbers  to  10,  initializes  the  scanner  and  then  initializes  the 
proof  PROOF,  the  global  variable  which  keeps  record  of  the  proof,  is  set  to  NIL  and  PFLENGTH, 
the  proof  length,  is  set  to  0  Then  RESUME  is  called.  It  takes  into  account  the  f«ct  that  the  input 
commands  may  be  read  from  the  console  or  from  a  fetched  file.  It  calls  the  function  LCFPROOF 
which  builds  up  the  proof  by  a  rea,'  txecute-iurite  loop. 

LCFPROOF  makes  a  test  on  the  content  of  the  input  buffer  If  its  first  character  is  8,  then  an  end 
of  proof  message  is  typed  and  the  proof  is  stopped.  If  a  command  is  parsed  and  executed  the  loop 
goes  on  The  function  LINE  controls  the  execution  of  LCF  commands.  After  a  command  has  been 
successfully  parsed  and  executed,  if  the  value  returned  is  a  proof  step,  then  it  is  added  to  the  proof 

If  none  of  the  expected  command  is  paised,  the  input  buffer  is  scanned  ty  the  function  BADLINE 
until  the  first  semicolon  is  met  Then  an  error  message  is  printed 


Section  3.3  Printing  routines 

The  printing  routines  are  listed  in  appendix  3.  They  depend  on  the  internal  representation  of  terms, 
awffs,  wffs  and  proof  steps,  which  is  described  in  section  3.6. 

PRINTAWFF  is  the  printing  routine  for  terms  and  awffs.  They  are  transformed  from  the  internal 
prefix  form  to  a  parenthetized  form 

PR1NTMES  prints  messages,  it  takes  the  string  to  be  printed  as  argument.  PRINTM  is  used  to 
print  a  message  when  some  steps  in  the  proof  have  been  cancelled  The  string  to  be  written  is  fixed, 
the  argument  of  PRINTM  is  the  proof-length  after  the  cancellation 

PRINTNEWLINE  prints  the  newly  generated  line,  whenever  a  command  is  successfully  executed 
The  stepnumber,  the  wff  and  its  dependencies  are  printed  PRINTLINE  is  like  PRINTNEWLINE, 
but  it  may  print  any  step  in  the  proof  not  necessarily  the  last  one.  It  prints  also  the  reason  of  the 
step 

PRINTLST  is  an  auxiliary  printing  routine  which  prints  a  list  of  awffs  separated  by  blanks 


Section  3.4  Commands 

The  commands  are  shown  in  appendices  4  and  5.  T!  ey  are  listed  in  the  same  order  as  they  are 
descnbd  in  sections  2  1  and  2.2.  Every  command  is  realized  by  two  functions  The  first  one  performs 
a  check  on  the  syntax  of  the  input  sentence.  If  the  expected  command  is  successfully  parsed  then  the 
corresponding  semantic  function  is  called,  otherwise  the  pointer  is  restarted  in  the  input  buffer.  This 
allows  the  input  sentence  to  be  tested  again  to  see  if  we  are  faced  with  another  command  or  if  there 
is  a  syntax  error  in  the  input  Each  semantic  function  performs  a  series  of  tests  to  see  whether  or  not 
the  conditions  for  the  applicability  of  the  corresponding  rule  are  met.  In  this  case  it  returns  a  new 
step  to  be  added  to  the  proof,  otherwise  it  returns  the  message  NASTY  COMM  AND. 

We  think  that  all  the  syntactic  and  semantic  functions  realizing  the  LCFsmall  commands  are 
sufficiently  clear,  after  having  read  the  description  of  the  commands  given  in  sections  2.1  and  2.2 


LCFsmall 


15 


Section  3  5  Auxiliary  functions 

The  auxiliary  functions  and  predicates  used  in  defining  the  commands  are  listed  in  appendices  6 
and  7  Appendix  7  contains  the  predicates  and  functions  directly  dealing  with  the  data  structure, 
they  will  be  described  in  the  next  section.  The  functions  and  predicates  listed  in  appendix  6  have 
been  divided  into  three  groups  and  wi'l  be  discussed  in  the  three  following  subsections. 


3.5  1  Predicates  on  free  and  bound  occurrences  of  variables 

NOTBNDVT(V.TRM)  is  a  predicate  true  if  V  has  no  bound  occurrences  in  TRM  BOUNDV  is  its 
negation 

NOTFR  VT(V,TRM)  is  a  predicate  true  if  V  has  no  free  occurrences  in  TRM  FREEV  is  its  negation 

NOTFREV W(V,WF)  is  true  if  V  has  no  free  occurrences  in  the  wff  WF.  NOTFREE(V.LN)  is  true  if 
V  doesn’t  occur  free  in  the  wffs  associated  with  the  stepnumbers  in  the  list  LN. 

I$FREEFORT(X,V,TRM)  is  true  if  X  (a  term  or  a  variable)  may  be  substituted  for  V  in  the  term  TRM 
without  conflicts  of  bound  variables  !SFREEFORW(X,V,WF)  is  the  analogue  for  wffs 


3.5.2  Functions  used  in  INCL.  CUT,  CASES,  SHOW 

/ 

The  functions  described  in  this  section  are  listed  in  appendix  6  2. 

PICKUP  is  used  in  the  command  INCL  for  selecting  the  n-th  awff  in  a  wff. 

INCLTEST(LN,WF)  uses  TESTM  It  is  used  in  CUT  to  check  if  every  wff  associated  with  the 
stepnumbers  in  the  list  LN  appears  in  WF. 

TESTCASES  and  TESTC  are  used  in  testing  the  applicability  of  the  cases  rule  FIND  and 
REMOVE  are  used  in  building  up  the  dependency  part  of  the  step  generated  by  the  CASES 
command 

OFT  is  used  in  the  SHOW  command  to  parse  an  optional  part  in  the  input  string 


3.5.3  Conversion  and  substitution  routines 

The  conversion  and  suostitution  routines  are  listed  in  appendix  6.3. 

CON  VT(TRM)  performs  all  the  possible  lambda-conversions  on  TRM.  If  it  is  an  identifier,  no 
conversion  can  be  done  If  it  is  composed  of  various  parts,  then  the  conversion  „  recursively  done 
on  them  If  it  is  an  application  term,  then  tests  are  performed  to  see  if  z  conversion  can  be  done  and 
if  the  resulting  term  can  be  further  converted. 

SUB$TG(TRM,X,V1)  is  the  "general"  substitution  routine.  X,  a  variable  or  a  term,  replaces  VI  in  all  its 
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free  occurrences  in  TRM  A  test  is  done  on  TRW  and  X  is  recursively  substituted  in  all  the  components 
of  TRM  When  faced  with  a  lambda  term  oi  a  mil-term  a  test  is  done  to  detect  conflicts  of  variables 

ACON  V(TRM,VI  ,V2)  performs  an  alpha-conversion  on  TRM.  VI  replaces  V2  in  its  first  bound 
nonconflictmg  occurrence 

SU B W(AWF I ,AWF2,N)  is  an  aux.liary  function  used  in  the  command  SUBST,  when  it  is  applied  to 
vo  stepnumbeis.  AWFI  is  the  awff  in  which  the  substitution  takes  place.  The  term  at  the  left  hand 
side  of  AWF2,  denoted  as  TRMI,  replaces  the  term  at  the  right  hand  side  of  AWF2,  denoted  as  TRM2, 
in  its  N  th  occurrence  Tht*  global  variable  SUBCOUNT  is  set  to  N,  it  will  mark  the  occuirence 
where  the  substitution  mus  be  done  The  substitution  is  first  attempted  on  the  term  at  the  left  hand 
side  of  AWFI  If  not  performed  there,  then  it  is  attempted  in  the  term  at  the  right  hand  side  of 
AWFI 

SUB$TTT(TRM1  ,TRM2,TRM3,N)  is  used  by  the  command  SUBST  when  its  last  argument  is  a  term. 
TRM2  replaces  TRM3  in  its  N-tl  occurrence  in  TRMI 

DOSUBST(TRMI  ,TRM2,TRM3>  the  auxiliary  function  that  performs  the  substitution  of  TRM2  for 
TRMI  in  TRMI  A  test  is  done  on  TkM!  and  the  substitution  is  recursively  attempted  on  its  various 
parts  SUBCOUNT  is  decremented  whenever  an  occurr  nee  is  found  and,  when  its  value  is  0  the 
substitution  takes  place  Occurrences  where  conflicts  arise  among  variables  are  not  counted. 


Section  3.6  The  Data  Structure 

All  the  functions  directly  manipulating  the  data  structure  are  listed  in  appendix  7 

In  appendix  7  I  all  the  constructors  are  listed.  By  constructor  we  mean  a  function  that  assembles 
structured  data. 

MKCONDTERM,  MKAPPLTERM,  MKLAMBDATERM  and  MK MUTER M  define  the  internal 
representation  of  terms.  They  are  represented  as  LISP  S-expressions  whose  fust  element  denotes  the 
nature  of  the  term  and  is  followed  by  the  components  of  the  term  Awffs  are  assembled  by 
MKAWFF  They  are  S-expressions  whose  first  element  is  the  relation  symbol  *  or  c.  MKWFF 
assembles  wffs  of  just  one  awff  In  general  wffs  may  be  lists  of  more  than  one  awff  For  instance 
those  produced  by  the  function  UNIONW  (see  appendix  7.4)  used  in  the  command  CONJ 

The  proof  is  represented  as  a  list,  initially  it  is  set  to  NIL.  Each  step  is  added  to  this  list  by  the 
function  ADDLINE  (see  appendix  7  4)  and  is  assembled  by  the  constructor  MKPROOFSTEP. 
Proof  steps  have  the  form  of  a  list  of  three  elements:  a  wff,  a  list  of  dependencies  and  a  reason 
assembled  by  the  constructor  REASON.  The  function  ADDLINE  puts  the  stepnumber  in  front  of 
each  proof  step 

Appendix  7  2  contains  the  list  of  all  the  selectors  used  in  retrieving  the  various  components  of  the 
terms,  awffs  and  the  proof. 

Appendix  7  3  contains  a  list  of  predicates  used  in  the  program.  These  predicates  are  tests  on  the 
nature  of  terms,  awffs  etc. 
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Some  miscellaneous  functions  are  listed  in  appendix  7f  UNIONOF  is  the  set  theoretic  union  for 
lists  of  numnbers,  UNIONW  is  the  set  theoretic  union  for  wffs,  manely  for  lists  of  awffs.  ADDLINE 
(see  above)  increments  the  variable  PFLENGTH  (proof  length)  by  1  and  adds  a  new  step  to  the 
proof  SEARCH  is  used  to  search  steps  in  the  proof,  LNT  gives  the  length  of  a  list,  and  finally 
SUBW  V(WF,X,V)  substitutes  X  for  each  occurrence  of  V  in  WF.  It  is  used  in  the  command  INDUCT. 
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APPENDIX  I 
THE  PARSER 


1.1  Special  variables 
PC, 

ENDSTACK, 

PROOF, 

PFLENGTH, 

SUBCOUNT; 


1.2  Scanner  for  LCFsmall 
EXPR  readlistlXj; 

READLIST(A'„CII(OCTAL  57)  CONS  X); 


EXPR  scan!  :X); 

IF  EQ(X-TYPE(CHAR),0)  THEN  idscan() 

ELSE  IF  EQ(X,1 )  THEN  nurascanO 
ELSE  IF  EQ(X,2)  THEN  dalscanO 
ELSE  CHAR-TYK)  ALSO  scan(); 

> 

EXPR  idscanO; 

BEGIN  NEW  TOKEN, X; 

■  TOKEN- <  ASCII  (CHAR)); 

A;  IF  EQ<X-TYPE(CHAR-TYI()),0)vEQ(X,l) 

THEN  TOKEN-ASCII(CHAR)  CONS  TOKEN  ALSO  GO  A; 
RETURN(readlist(REVERSE(TOKEN))  CONS  'IDENT);  END; 

(  / 

EXPR  numscanO; 

BEGIN  MW  TOKEN; 

TOKEN-<ASCII(CHAR)); 

A;  IF  EQ(TYPE(CHAR-TYI()),I ) 

THEN  TOKEN*- ASCII  (CHAR)  CONS  TOKEN  ALSO  GO  A; 

>  RETURN(readlist(REVER$E(TOKEN))  CONS  ’NUMBER);  END; 

EXPR  delscanO; 

BEGIN  NEW  TOKEN; 

TOKEN*-<ASCII(CHAR)>; 

CHAR-TYIO; 

RETURN(readlisKTOKEN)  CONS  ’DEl);END; 

EXPR  setupO; 

BEGIN  NEW  X; 

ARRAY(TYPE,36,CONS(0,!27)); 

ARRAY(TSTACK,T, CONS  (0,500)); 


LCFsmall 


FOR  X-0  TO  127  DO  TVPE(X)«-2; 

FOR  X«- OCTAL  01  1  TO  OCTAL  015  DO  TYPE(X)<-3; 

FOR  X«-OCTAL  060  TO  OCTAL  071  DO  TYPE(X)-1; 

FOR  X«-OCTAL  101  TO  OCTAL  132  DO  TYPE(X)<-0; 

FOR  X«-OCTAL  141  T)  OCTAL  172  DO  TYPE(X)«-0; 

TYPE(OCTAL  040)<-3;  TYPEiOCTAL  175)<-3;  TYPEIOCTAL  177)«-3;  END; 


1.3  Parsing  primitives 

EXPR  token!);  PC«-PC‘I; 

EXPR  »okenv();  CAR  tstack(PC«- PC*  1 ); 

EXPR  tokentO;  CDR  tstack(PC*-PC*  1 ); 

EXPR  tstack(N); 

IF  ENDSTACK  LESSP  N 

THEN  FOR  NEW  l*-(ENDSTACK*l )  TO  N  DO  TSTACK(l)«-scan() 
ALSO  ENDSTACK*-N 
ALSO  TSTACK(N) 

ELSE  TSTACK(N); 

EXPR  peekv(N);  CAR  tstack(PC‘N); 

EXPR  peekt(N);  CDR  istack(PC*N); 

EXPR  flushO;  BEGIN  PC-0;  ENDSTACK«-0;END; 

EXPR  nextv(X);  EQ(X,CAR  tstack(PC*l )); 

EXPR  nextt(X);  EQ(X,CDR  tstack(PC*l )); 


1.4  Parser 


EXPR  TERMO; 

BEGIN  NEW  START, REP, X,Y;START-PC; 

IF  X-SIMPLTERMO  THEN  REP^X  ELSE  RETURN  NIL; 

A;  START*PC; 

IF  LPAR()a(Y<-TERM())aRPAR() 

THEN  REP*-(‘?!APPLY  CONS  REP  CONS  Y)  ALSO  GO  A; 
PC-START; 

RETURN(REP);END; 


EXPR  CONDTERMO;  . 

BEGIN  NEW  START, X.Y.Z;  START»-PC; 
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IF  LPAR()a(X*-TERM())aRARR0W()a(Y*-TERM())aC0MMA()a(2<'TERM())aRPAR() 
THEN  RETURN(  ’?!COND  CONS  X  CONS  Y  CONS  2); 

PC*-START;END; 

EXPR  LAMBOATERMO; 

BEGIN  NEW  START, X,Y;  START-PC; 

IF  LSOBRACKET()Alambda()A(X-IDENT())APERIOD()A(Y^TERM())ARSQBRAC!<ET() 
THEN  RETURN(  7ILAMBDA  CONS  X  CONS  Y); 

PC-START;END; 

EXPR  MUTERMO; 

BEGIN  NEW  START, X,Y;  START*-PC: 

IF  LSr^RACKE  ;)aMU()a(X»-IDENT())aPERIOO()a(Y«-TERM())aRSQBRACKET() 
THEN  \r.T-RN!  ’?!MU  CONS  X  CONS  Y); 

PC-START;END; 


EXPR  SIMPLTERMO; 

BEGIN  NEW  START, X;START*-PC, 
IF  (X*-IDENT ())  v 
(X«-CONDTERM())  v 
(X-LAMBDATERMO)  v 
(X-MUTERMO)  v 
(LPAROa(X^TERMO)aRPARO) 
THEN  RETURN  X; 
PC*-START;END; 


EXPR  AWFFO* 

BEGIN  NEv.  START, X,R,Y;  START*-PC; 

IF  (X-TERM())a(R^REL())a{Y^TERM()) 

THEN  RETURN(  R  CONS  X  CONS  Y); 

PC-START;END; 

EXPR  WFF(); 

BEGIN  NEW  START, REP, X;START-FC; 

IF  X*-AWFF()  THEN  REP-<X>  ELSE  RETURN  NIL; 

A;  START*- PC; 

IF  COMMA()a(X*-AWFF())  THEN  REP-<X>oREP  ALSO  GO  A; 
PC*-START; 

RETURN(REP);ENO; 


EXPR  IDENTO;  IF  EQ(peekt(l  ),TDENT)  THEN  tokenvO  ELSE  NIL; 

EXPR  NUMBERO;  IF  EQ(peekt(l ), ’NUMBER)  THEN  VALUE(tokenvO)  ELSE  NIL; 
EXPR  RELO;  IF  nextv(70vnextv(7<=)  THEN  tokenvO  ELSE  NIL; 

EXPR  CHECK(X);  IF  nextv(X)  THEN  tokenO  ELSE  NIL; 

EXPR  SCO;  IF  nex»v('?;)  THEN  token()  ELSE  NIL; 

EXPR  LPAR();  IF  nextv('?()  THEN  token()  ELSE  NIL; 

EXPR  RPAR();  IF  nextv(7))  THEN  token()  ELSE  NIL; 

EXPR  RARROWO;  IF  nextv(7-»)  THEN  tokenO  ELSE  NIL; 

EXPR  COMMAO;  IF  nex»v(7,)  THEN  tokenO  ELSE  NIL; 

EXPR  COLONO;  IF  nextv(7:)  THEN  tokenO  ELSE  NIL; 

EXPR  DOLLARO;  IF  nextv(7$)  THEN  tokenO  ELSE  NIL; 

EXPR  PFRIODO;  IF  nextvC?  )  THEN  tokenO  ELSE  NIL; 

EXPR  LSQBRACKETO;  IF  nextv('?[)  THEN  tokenO  ELSE  NIL; 

EXPR  RSQBRACKETO;  IF  nextvC?])  THEN  tokenO  ELSE  NIL; 
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EXPR  lambda!);  IF  nextv('?X)  THEN  loken()  ELSE  NIL; 
EXPR  MU();  IF  nextv('?o<)  THEN  token!)  ELSE  NIL; 


EXPR  VALUE(X); 

(REAOLIST (CDR(EXPLODE  X))); 
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APPENDIX  2 

TOP  LEVEL  ROUTINES 


EXPR  INIT(); 
BEGIN 
LISPINITO; 
SCNINIT  (); 
LCFINITO; 
END; 


EXPR  LISPINITO; 
BEGIN 

?*NOPOINT-T; 
BASE -10; 
IBASE  -10  ; 
END; 


EXPR  SCNINITO; 
BEGIN 
CHAR  -  40; 
PC-1; 

ENDSTACK-O; 

setup!); 

END; 


EXPR  LCFINITO; 
BEGIN 
PROOF-NIL; 
PFLENGTH  -  0; 
RESUMEO; 

END; 


EXPR  RESUMEO; 

BEGIN  NEW  X; 

A;  X-ERRSET(LCFPROOFO); 

IF  EO(X,'?|ECF?|)  THEN  INC(NIL.T)  ALSO  flush!)  ALSO  GO  A; 
END; 


EXPR  LCFPROOFO; 

BEGIN 

A;  PRINC(TERPRI ("****")); 

IF  DOLLAR!)  THEN  PRINTMESC'END  OF  PROOF") 
ALSO  flush!) 

ALSO  RETURN(PRINC("  ")); 

IF  LINE!)  v  BADLINEO  THEN  flush!)  ALSO  GO  A; 
END; 


EXPR  LINE!); 

BEGIN  NEW  NC; 

IF  (NC-FETCHO)  v 
IF  (NC-ASSUMEO) 
(NC-REFL1  ())  v 


(NC-SHOWO)  v  (NC-CANCELO)  THEN  RETURN(NC); 
v  (NC-INCLO)  v 
(NC-REFL20) v 
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(NC-MIN10)  v  (NC«-MIN2())  v 
(NOALPHACONVO)  v(NC-SUBSTO)  v 
(NC-ABSTRO)  v  (NC-FIXPO)  v 
(NC-CONDTO)  v  (NC-CONDFO)  v 
(NC*-CONDU())  v  (NC-EQUIVO)  v 
(NC-HALFO)  v  (NC-SYMO)  v 
(NC*-TRANS())  v  (NOAPPL0)  v 
(NC-CONJO)  v  (NC*-CUT())  v 
(NC«-CA$ES0)  v  (NCHNDUCTO)  v 
(NC*-  CONVO)  v  (NC-ETACONVO) 

THEN  (IF  ISLINE(NC)  THEN  ADDUNE(NC)  ALSO  PRINT NEWLINEO); 

RETURN  (NC); 

END; 

EXPR  BADLINEO; 

BEGIN 

A;  IF  -nextvC?;)  THEN  toKen()  ALSO  GO  A; 

PRINTMES(  "SYNTAX  ERROR;TRY  AGAIN”);  ■ 

>  RETURN  (PRINC("  ")); 

END; 
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APPENDIX  3 

PRINTING  ROUTINES 


EXPR  PRINTAWFF(AWF); 

BEGIN  NEW  CR; 

IF  ATOM(AWF)  THEN  RETURN  PRINC(AWF); 
CR«-CAR(AWF); 

IF  E0(CR,’?h)  v  EQ(CR/?c) 

THEN  BEGIN  PRINTAWFF(CADR  AWF); 

PRINC(CR); 

PRINT AWFF(CDDR  AWF);  END; 

IF  EO(CR,’?!APPLY) 

THEN  BEGIN  PRINTAWFF(CADR  AWF); 

PRINC(’7(  ); 

PRINTAWFF(CDDR  AWF); 

PRINCC?));  END; 

IF  EQ(CR,'?!COND) 

THEN  BEGIN  PRINC('7(  ); 

PRINTAWFF(CADR  AWF); 

PRINCC?-*); 

PRINTAWFF(CADDR  AWF); 

PRINCC?,); 

PRINT AWFF(CDDDR  AWF); 

PRINCC?));  END; 

IF  EOICR/’ILAMBDA) 

THEN  BEGIN  PRINC(’?[?X); 

PRINTAWFF(CADR  AWF); 

PRINCC7.); 

PRINTAWFF(CDDR  AWF); 

PRINCC?]);  END; 

IF  EQ(CR,’?!MU) 

THEN  BEGIN  PRINC('?[?<*); 

PRINTAWFF(CADR  AWF); 

PRINCC?.); 

PRINTAWFF(CDDR  AWF); 

PRINCC?]);  END; 

END; 

EXPR  PRINTMES(X); 

TERPRKPRINC(TERPRKX))); 

EXPR  PRINTM(N); 

BEGIN 

PRINC(TERPRI("THE  LAST  LINE  IN  THE  PROOF  IS:  ")); 
RETURN(TERPRI(PRINC(N))); 

END; 


EXPR  PRINTNEWLINEO; 

BEGIN  NEW  X; 

X-PROOF[l]; 

PRINC(X[  1  ]);  IF  (X[l ]>  1 0 )  THEN  PRINCC  ”)  ELSE  PRINCC  "); 
PRINTLST(X[2]);  PRINCC’  '*); 

RETURN  PRINCOF  NULL(X[3])  THEN  ”  "  ELSE  X[3]);  END; 
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EXPR  PRINTLINE(X); 

BEGIN 

PRINC(X[  1  ]);  IF  (X[l]>10)  THEN  PRINC("  “)  ELSE  PRINCf  “); 
PRINTLST(X[2]);  PRINCf  "); 

PRINCdF  NULL(X[3 ])  THEN  "  "  ELSE  X[3]);  PRINCf  ”); 

IF  AT0M(X[4])  THEN  RETURN  PRINC(X[4])  ELSE  RETURN  PRINTLST(X[4]); 
END; 

EXPR  PRINTLST(X); 

IF  NULUCDR  X)  THEN  PRINT  AWFF'X[1  ])  ELSE 
BEGIN  PRINTAWFF(X[1  ]); 

PRINCf  "); 

RETURN  PRINTLST(CDR  X);END; 
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APPENDIX  4 

INFERENCE  COMMANDS 


EXPR  ASSUMED; 

BEGIN  NEW  AWF.STA  ?T;  START-PC; 

IF  CHECK('ASSUME)  a  (AWF-AWFFO)  a  SCO 
THEN  RETURN  ASSUMESEM(AWF);  PC^-START; 

END; 

EXPR  ASSUMESEM(AWF); 

MKPROOFSTEP(<AWF>,<PF!.ENGTH  *  D.'ASSUME  ); 

rvpo  Iisin  l\. 

BEGIN  NEW  L 1  ,N,ST ART ;  START-PC; 

IF  CHECK('INCL)  a  (Ll-NUMBERO)  a  (N«-NUMBER0)  a  SCO 
THEN  RETURN  INCLSEM(ll ,N);  PC^START; 

END; 


EXPR  INCLSEM(L I  ,N  :WF); 

IF  ISPROOFSTEP(Ll)  aISINCL(N,WF-WFFOF(L1)) 

THEN  MKPROOFSTEP(PICKUP(WF,N),DEPOF(Ll  ),REASON('INCL,<Ll  ,N>)) 
ELSE  PRINTMESC'NASTY  INCL’’); 

cy  □  p  rnr,  'O* 

BEGIN  NEW  LI  ,L2P START;  START*-PC; 

IF  CHECK('CONJ)  a  (U-NUMBERO)  a  (L2-NUMBER0)  A  SCI) 

THEN  RETURN  C0NJSEM(L1  ,L2);  PC»-START; 

END; 

EXPR  CONJSEM(Ll  ,Li ); 

IF  ISPROOFSTEPdl )  a  ISPROOFSTEP(  L2) 

THEN  MKPROOFSTEP(UNIONW(WFFOF(LI  ),WFFOF(L2 )), 
UNIONOF(DEPOF(Ll  ),0EP0F(L2 )), 
REASON(,CONJ1<Ll,L2») 

ELSE  PRINTMESC’NASTY  CONJ"); 

EXPR  CUT ( ) • 

BEGIN  NEW  LI,L2,START;START-PC; 

IF  CHECK('CUT)  a  (L1-NUMBER0)  a  (L2-NUMBERO)  A  SCO 
THEN  RETURN  CUTSEM(LI  ,L2);  PC«-START; 

END; 


EXPR  CUTSEM(L  1  ,L2); 

IF  ISPROOFSTEP(Ll)  a  ISPROOFSTEPIL2)  a  INCLTEST(OEPOF(L2),WFFOF(Ll )) 
THEN  MKPROOFSTEP(WFFOF(L2),OEPOF(Ll  ).REAS0NCCUT,<LI,12>)) 

ELSE  PRINTMESC'NASTY  CUV’); 

EXPR  HALFO; 

BEGIN  NEW  LI  .START;  STARV-PC; 

IF  CHECK(’HALF)  a  (L 1  ^-NUMBERO)  a  SCO 
THEN  RETURN  HALFSEM(LI);  PC-START; 

END; 
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EXPR  HALFSEM(L1  :AWF); 

IF  ISPROOFSTEPfU  )  a  ISEOUIVAWFF(AWF>~AWFFOF(Li )) 

THEN  MKPR00FSTEP(MKWFF(7ciFSTERM0F(AWF),SNTERM0F(AWF)),DEP0F(L1), 
REASON(’HALF,<LI») 

ELSE  PRINTMESC'NASTY  HALF"); 

EXPR  SYMO; 

BEGIN  NEW  LI  .START;  START*-PC; 

IF  CHECK('SYM)  a  (LI*-NUMBERO)  a  SCO 
THEN  PFTURN  SYMSEMlI);  PC»-START; 

END; 


EXPR  SYMSEM(LI  ;AWF); 

IF  ISPROOFSTEP(L! )  a  ISEOUIVAWFF(AWF*-AWFFOF(L1 )) 

THEN  MKPROOFSTEP(MKWFF(‘?=,SNTERMOF(AWF),FSTERMOF(AWF)),DEPOF(Ll), 
REASON('SYW,<L  1  >)) 

ELSE  PRINTMESC’NASTY  SYM"); 

EXPR  TRANSO; 

BEGIN  NEW  LI ,L2,START;START*-PC; 

IF  CHECK('TRANS)  a  (L 1  *-NUMBER()>  a  (L2*-NUMBER())  a  SCO 
THEN  RETURN  TRANSSEM(Ll  ,L2);  PC-START; 

END; 

EXPR  TRANSSEM(LI  ,L2  -AWF1  AWF2  REL); 

IF  ISPROOFSTEPfU)  a  ISPROOFSTEP(L2) 

a  EQUAL(SNTERMOF(AWFI  -AWFFOF(LI  )),FSTERM0F(AWFi>AWFF0F(L2))) 
THEN  (IF  ISEQUIVAWFF(AWFI)  a  !SEQUIVAWFF(AWF2) 

THEN  REL  *-  ('?*)  ELSE  REL  C?c)) 

ALSO  MKPROOFSTEP(MKWFF(REL,FSTERMOF(AWF1),SNTERMOF(AWF2)), 
UNIONOF(DEPOF(LI  ),DEPOF(L2)), 

REASON('TR  ANS,<L  I  ,L2») 

ELSE  PRINTMESC'NASTY  TRANS"); 

EXPR  APPLO* 

BEGIN  NEW  LI  ,TRM, START-  START«-PC; 

IF  CHECK('APPL)  a  (TRM*-TERM())  a  (U«-NUMBER())  a  SCO 
THEN  RETURN  APPLSEMI  (TRM.LI );  PC*-START; 

IF  CHECK('APPL)  a  (LI*-NUMBER())  a  (TRM*-TERM())  A  SCO 
THEN  RETURN  APPLSEM2(L1  ,TRM);  PC«-START; 

END; 


EXPR  APPLSEMI  (TRM.LI  :AWF); 

IF  ISPROOFSTEP(Ll)  THEN 

MKPROOFSTEP(MKWFF(RELOF(AWF*-AWFFOF(LI)),MKAPPLTERM(TRM,F$TERMOF(AWF)), 

MKAPPLTERM(TRM,SNTERMOF(AWF))), 

DEPOF  (L I  ),REASON('APPL,<TRM,Ll  >)) 

ELSE  PRINTMESC’NASTY  APPL"); 


EXPR  APPLSEM2(LI,TRM;AWF); 

IF  ISPROOFSTEP(Ll)  THEN 

MKPRQOFSTEP(MKWFF(RELOF(AWF*-AWFFOF(Ll  )),MKAPPLTERM(F$TERMOF(AWF),TRM), 

MKAPPLTERM(SNTERMOF(AWF),TRM)), 

DEPOF(L  1  ),REASON(’APPL,<L  l  ,TRM») 

ELSE  PRINTMESC’NASTY  APPL”); 
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EXPR  ABSTRO; 

BEGIN  NEW  L1,VI,START;$TART-PC; 

IF  CHECK('ABSTR)  a  (Ll-NUMBERO)  a  (VIHDENTO)  a  SCO 
THEN  RETURN  ABSTRS EM(L  1  ,V  1 );  PC-START; 

END; 


EXPR  ABSTRSEM(LI,V1  :AWF); 

BEGIN 

IF  ISPROOFSTEP(LI)  a  NOTFREE(VI  ,DEPOF(Ll ))  THEN 

AWF-AWFFOF(l  I )  ALSO  RETURN(MKPROOFSTEP!MKWFF(RELCF(AWF), 

MKLAMBDATERM(V1  .FSTERMOF(AWF)), 
MKLAMBDATERM!Vi,SNTERMOF(AWF))), 
DEPOFdD.REASONCABSTR.ai.Vh))) 

ELSE  RETURN(ORINTMES("NASTY  ABSTR*’));  END; 

EXPR  CASES!)- 

BEGIN  NEW  LI ,L2,L3,TRMISTART;  START-PC; 

IF  CHECK('CASES)  a  (Ll-NUMBERO)  a  (L2-NUMBERO)  a 
(L3-NUMBERO)  A  (TRM-TERMO)  a  SCO 
THEN  RETURN  CASESSEMdl ,L2,L3,TRM);  PC-START; 

END; 

EXPR  CASESSEMdl  ,L2,I  3,TRM:WF1  .WF2.DI  ,D2,D3); 

IF  lSPROOFSTEP(LI)  a  ISPROOFSTEP(L2)  a  ISPROOFSTEP(L3)  a 
EQUAL  (WF1  -WFFOF(LI  ),WF2-WFFOF(L2»  a 
EQUAL(WF2,WFFOF(L3))  a 

TESTCASES(D1  *-DEPOF(Ll  ),D2‘-DEPOF(L2),D3»-DE0OF(L3),TRM) 

THEN  MKPROOFSTEP(WFl1UNIONOF(REMOVE(DI,FIND(Dl  JRM/TT)), 
UNIONOF(REMOVE(D21FIND(D2,TRM,,UU))l 
REMOVE{D31FIND(D31TRMI,FF)))), 

REASON('CASES,<L  I  ,L2,L3,TRM») 

ELSE  PRINTMESO'NASTY  CASES"); 

EXPR  INDUCT!); 

BEGIN  NEW  LI, L2.L3.L4.VI .START;  START-PC; 

IF  CHECK('INDUCT)  a  (LI -NUMBER!))  a  (L2-NUMBER!))  A  (L3-NUMBERO)  a 
(L4-NUMBER0)  a  (VIHDENTO)  a  SCO 
THEN  RETURN  INDUCT3EM(L  1  ,L2,L3,L4,V I );  PC-START; 

END; 

EXPR  INDUCTSEM(L  1  ,L2,L3,L4,V1 ); 

BEGIN  NEW  AWFI1WF3,FIX1MTIBVIMAT,FUNVI; 

IF  ISPROOFSTEP(LI)  a  ISPROOFSTEP(L2)  a  ISPROOFSTEP(L3)  aISPR00FSTEP(L4)  a 
ISMUTERM(MT-SNTERMOF(AWF I -AWFFOFd I )))  A 
ISFREEFORT (FIX-FSTERMOF(MT),BV-BVAROF(MT),MAT-MATRIXOF(MT))  A 
ISFREEFORWOUU.VI ,WF3-WFFOF(L3))  A 
ISFREEFORT(VI,BV,MAT)  a 

1SFREEF0RW(FUNVI  -SUBSTG(MAT,VI  ,BV),V1  ,WF3)  a 
ISFREEFORW(FIX,VI ,WF3)  a 
EQUAL(WFFOF(L2),SUBWV(WF31’UU,VI ))  a 
EQUAL(WFFOF(L4)tSUBWV(WF3,FUNVI ,VI ))  a 
MEMQ(L3,DEPOF(L4)) 

THEN  RETURN  MKPROOFSTEP(SUBWV(WF3,FSTERMOF(AWFl ),V1 ), 

UNIONOF  (UNIONOF(DEPOF(L  1  ),DEPOF(L2 )), 
REMOVE(UNIONOF(DEPOF(L3),DEPOF(L4)),L3)), 
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REASONONDUCT,  <L  1  ,L2,L3,L4,V  i  >)) 
ELSE  PRINTMESC'NASTY  INDUCT"); 

END; 


EXPR  CONVO; 

BEGIN  NEW  LI,TRM,START;START-PC; 

IF  -HECK(’CONV)  a  (Ll-NUMBERO)  a  SC() 
THEN  RETURN  CONVSEMI  (LI );  PC-START; 

IF  CHECK(’CONV)  a  (TRM-TERMO)  a  SCO 
THEN  RETURN  CONVSEM2(TRM);  PC-START; 
END; 


EXPR  CONVSEMI  (LhAWF); 

IF  ISPROOFSTEP(Ll) 

THEN  MKPROOFSTEP(MKWFF(RELOF(AWF-AWFFOF(L) )), 

CONVT  (FSTERMOF  (AWF)),CONVT  (SNTERMOF(AWF))), 

DEPOF(L  1  ),REASON(’CONV,<Ll  >)) 

ELSE  PRINTMESC'NASTY  CONV"); 

EXPR  CONVSEM2(TRM); 

MKPROOFSTEP(MKWFF('?=,TRM, CONVT  (TRM))l’NO::P,REASONCCONV1<TRM»); 

EXPR  ETACONVO; 

BEGIN  NEW  TRMfSTART;$TART-PC; 

IF  CHECK('ETACONV)  a  (TRM-TERMO)  a  SCO 
THEN  RETURN  ETACONVSEM(TRM);  PC-START; 

END; 


EXPR  ETACONVSEM(TRM); 

IF  ISLAMBDATERM(TRM)  a  ISAPPLTERM(MATRIXOF(TRM))  a 
EQ(BVAROF(TRM),ARGOF(MATRIXOF(TRM)))  A 
NOTFRVT(BVAROF(TRM),FNOF(MATRIXOF(TRM})) 

THEN  MKPR00FSTEP(MKWFF(7=,TRM,FN0F(MATRIX0F(TRM))), 
,NOOEPiREASON(’ETACONV,<TRM») 

ELSE  PRINTMESC'NASTY  ETACONV"); 

EXPR  ALPHACONVO; 

BEGIN  NEW  L1,TRM,VI,V2,START;START-PC; 

IF  CHECKCALPHACONV)  a  (Ll-NUMBERO)  a  (Vl-IDENTO)  A  (V2-IDENTO)  A  SCO 
THEN  RETURN(AC0NVSEM1(L1,VI,V2));  PC-START; 

IF  CHECKCALPHACONV)  a  (TRM-TERMO)  a  (Vl-IDENTO)  A  (V2-IDENTO)  A  SCO 
THEN  RETURN(AC0NVSEM2(TRM,V1,V2));  PC-START; 

END; 


EXPR  ACONVSEM1  (LI ,VI ,V2  :AW(‘,F$); 

IF  ISPROOFSTEP(Ll) 

THEN  MKPROOFSTEP(MKWFF(RELOF(AWF-AWFFOF(L1)),FS-ACONV(FSTERMOMAWF),V),V2), 

IF  EQUAL(FS,F$TERMOF(AYvF))  THEN  ACONV(SNTERMOF(AWF),V)  ,V2) 

ELSE  SNTERMOF(AWF)), 

DEPOF(Ll),  REASONCALPHACONV,  <L1,V1,V2>  )) 

ELSE  PRINTMESC'NASTY  ALPHACONV"); 

EXPR  AC0NVSEM2(TRM,V1,V2); 

MKPR00FSTEP(MKWFFC?sTRM,AC0NV(TRM1VlIV2))p’N0DEP1REAS0NCALPHAC0NV,<TRM,Vl,V2»); 
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EXPR  EQUIVO; 

DEGIN  NEW  L1.L2, START;  START-PC; 

IF  CHECK(’EQUIV)  a  (LI -NUMBERO)  a  (L2-NUMBERO)  a  SCO 
THEN  RETURN  EQUIVSEMU  ,L2);  PC-START; 

END; 


EXPR  EQUIVSEM(LI  ,L2:AWF1  ,AWF2); 

IF  ISPROOFSTEP(Ll)  a  l$PROOFSTEP(L2) 

a  ISLT AWFF (AWF I  -AWFFOF (LI ))  aI$LTAWFF(AWF2-AWFFOF(L2)) 
a  EOUAL(FSTERMOC(AWFI),  SNTERWOF(AWF2)) 
a  EQUAL(FSTERMOF(AWF2),  SNTERMOF(AWFl)) 

THEN  MKPROOFSTEP(MKWFF(’?=,FSTERMOF(AWF  1  ),SNTERMOF(AWF  I )), 

UNIONOF (DEPOF (L I  ),DEPOF(L2)),REASON('EQUIV,<L I  ,L2») 
ELSE  PRINTMESC'NASTY  EQUIV"); 

EXPR  RErLl  (); 

BEGIN  NEW  TRM, START;  START-PC; 

IF  CHECK(’REFLl)  a  (TRM-TERMO)  a  SCO 
THEN  RETURN  REFL 1  SEM(TRM);  PC-START; 

END; 


EXPR  REFL  I  SEM(TRM); 

MKPROOFSTEPIMKWFFCT^TRM.TRW),  'NODEP  ,  REASONCREFLI  ,<TRM>)); 
EXPR  REFL20; 

BEGIN  NEW  TRW, START;  START-PC; 

IF  CHECK0REFL2)  a  (TRM-TERMO)  a  SCO 
THEN  RETURN  RZFL2SEM(TRM);  PC»-START; 

END; 

EXPR  REFL2SEM(TRM); 

MKPROOFSTEP(WKWFF(’?c,TRM,TRW),  ’NODEP  ,  REAS0N(’REFL2,<TRM»); 
EXPR  MINK); 

BEGIN  NEW  TRM, START;  START-PC; 

IF  CHECM’MINl )  a  (TRM-TERMO)  a  SCO 
THEN  RETURN  MINISEM(TRM);  PC-START; 

END; 

EXPR  MINI SEM(TRM); 

MKPROOFSTEP(MKWFF(’?c;uU, TRM), ’NODEP  ,  REAS0N(’MIN1,<TRM»); 
EXPR  MIN20; 

BEGIN  NEW  TRM, START;  START-PC; 

IF  CHECKCMIN2)  a  (TRM-TERMO)  a  SCO 
THEN  RETURN  MIN2$EM(TRM);  PC-START; 

END; 


EXPR  MIN2SEM(TRM); 

MKPROOFSTEP(MKWFF(’?s, MKAPPLTERM('UU, TRM), ’UU), 'NODEP  ,  REAS0N(’MIN2,<TRM»); 
EXPR  CONDTO; 

BEGIN  NEW  TRM, START;  START-PC; 

IF  CHECK('CONDT)  a  (TRM-CONDTEaMO)  a  SCO 
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THEN  RETURN  CONDTSEM(TRM);  PC-START; 
END, 


EXPR  CONDTSEM(TRM); 

IF  ISTTCOND(TRM) 

THEN  WKPROOFSTEP(MKWFF(,?s,TRM,TRUCASOF(TRM)),,NODEP  ,  REASON(’CONDT,<TRM») 
ELSE  PRINTMESC'NASTY  CONOT"); 

EXPR  CONDFO; 

BEGIN  NEW  TRM.START;  START-PC; 

IF  CHECK(’CONDF)  a  (TRM-CONDTERMO)  a  SCO 
THEN  RETURN  CONDFSEM(TRM);PC-START; 

END; 


EXPR  CONDFSEM(TRM); 

IF  ISFFCOND(TRM) 

THEN  MKPROOFSTEP(MKWFF(,?bJRM,FALCASOF(TRM)),,NODEP  ,  REASON('CONDF,<TRM») 
ELSE  PRINTMESC'NASTY  CONDF"); 

EXPR  CONDUO; 

BEGIN  NEW  TRM.START;  START-PC; 

IF  CHECK('CONDU)  a  (TRM-CONDTERMO)  a  SCO 
THEN  RETURN  CONDUSEM(TRM);  PC-START; 

END; 

EXPR  CONDUSEM(TRM); 

IF  ISUUCOND(TRM) 

THEN  MKPROOFSTEP(MKWFF(,?i,TRM,,UU),'NODEP  ,  REA$ONCCONDU,<TRM») 

ELSE  PRINTMESC'NASTY  CONDU"); 

EXPR  FIXPO; 

BEGIN  NEW  LI,START;START-PC; 

IF  CHECK('FIXP)  a  (Ll-NUMBERO)  a  SCO 
THEN  RETURN  FIXPSEM(LI);  PC-START; 

END; 

EXPR  FIXPSEM(L1  tAWF.MT.FlX.BV.MA); 

IF  ISPROOFSTEP(Ll)  a  ISMUTERM(MT-(SNTERMOF(AWF-AWFFOF(Ll ))))  a 
ISFREEFORT(FIX-FSTERMOF(AWF),BV-BVAROF(MT),MA-MATRIXOF(MT)) 

THEN  RETURN(MKPROOFSTEP(MKWFFC?h,FIX,SUBSTG(MA,FIX,BV)), 

DEPOF(LI  ),REASON(’FIXP,<Ll»)) 

ELSE  RETURN(PRINTMES("NASTY  FIXP")); 

EXPR  SUBSTO; 

BEGIN  NEW  LI  ,N,L2,TRM,START;START-PC; 

IF  CHECKCSUBST)  a  (Ll-NUMBERO)  a  CHECK(’OCC)  a  (N-NUMBERO) 
a  CHECK('IN)  a  (L2-NUMBERO)  A  SCO 
THEN  RETURN  SUBSTSEM1  (L1.N.L2);  PC-START; 

IF  CHECKCSUBST)  a  (Ll-NUMBERO)  a  CHECK(’OCC)  a  (N-NUMBERO) 
a  CHECK('IN)  a  (TRM-TERMO)  A  SCO 
THEN  RETURN  SUBSTSEM2(L  1  ,N,TRM);  PC-START; 

END; 


EXPR  SUCSTSEM1  (LI ,N,L2); 


LCFsmall 


S3 


BEGIN  NEW  AWF I  ,AWF2,DEP; 

IF  ISPR00FSTEP(L1 )  a  i$PR00F$TEP(L2)  a  ISEQUiVAWFr  (AWFI*-AWFF0F(L1 )) 
THEN  AWF2*-  AWFF0F(L2)  ALSO 

0EP-UNI0N0F(DEP0F(L1  ),DEP0F(L2))  ALSO 
RETURN  MKPR00F$TEP(SUBW(AWF2,AWF1  ,N),DEP, 
REAS0N('SUBSTI<L1,’0CCIN,,IN,L2») 

ELSE  RETURN  PRINTMES ("NASTY  SUBST"); 

END; 


EXPR  $UBSTSEM2(L1  ,N,TRM); 

BEGIN  NEW  AWF.REL.SNT; 

IF  ISPROOFSTEP(Ll) 

THEN  AWF-AWFFOF(Ll)  ALSO  REL*-RElOF(AWF)  ALSO 
SNT«-SUBSTTT(TRM,SNTERMOF(AWF),FSTERMOF(AWF),N)  ALSO 
RETURN  MKPROOFSTEP(MKWFF(REL,TRW,SNT)1DEPOF(Ll ), 
REASON('$UB$T1<Ll1’OCC,N,'IN1TRM») 

ELSE  RETURN(PRINTMES("NASTY  SUBST")); 

END; 
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APPENDIX  5 

AUXILIARY  COMMANDS 


EXFR  SHOWO; 

BEGIN  NEW  N1  ,N2,START; 

START-PC; 

IF  CHECK(’SHOW)  a  CHECK('LINE)  a  (N I  “NUMBER!))  a 
OPT(COLON()  a  (N2-NUMBERO))  a  SC!) 
THEN  RETURN  SHOW$EM(Nl  ,N2); 

PC-START; 

END; 


EXPR  SHOWSEM(N)  ,N2); 

BEGIN 

IF  NULKN2)  THEN  N2-N1; 

TERPRI(PRINC(TERPRi!"  "))); 

A;  IF(N1<N2)  THEN 

(IF  ISPROOFSTEP(Nl) 

THEN  TERPRI(PRINTLINE(SEARCH(N1, PROOF)))  ALSO  Nl-NM  ALSO  GO  A 
ELSE  RETURN  PRINTMESC'NONEXISTING  STEP")) 

ELSE  RETURN  PRINCf  ”); 

END; 


EXPR  FETCH!); 

BEGIN  NEW  ID,  START; 

START-PC; 

IF  CHECK('FETCH)  a  (ID-IDENTO)  a  SCO  THEN  RETURN  FETCHSEM(ID); 
PC-START; 

END; 

EXPR  FETCHSEM(ID); 

INC  (EVAL(<’INPUT,’FOO,’DSK?  :>®<ID>),NIL); 

EXPR  CANCEL!); 

BEGIN  NEW  N, START;  START-PC; 

IF  CHECK('CANCEL)  a  OPT!N-NUMBER())  a  SCO 
THEN  RETURN  CANCELSEM(N); 

PC-START;  END; 

EXPR  CANCELSEM(N); 

BEGIN 

IF  NULL(N)  THEN  N-PFLENGTH; 

IF  (N<1 ) 

THEN  (PFLENGTH-O) 

ALSO  (PROOF-NIL) 

ALSO  RETURN  (PRINTMESC'YOU  HAVE  DEMOLISHED  YOUR  PROOF")); 
A;  IF  (PFLENGTH  LESSP  N)  THEN  RETURN(PRINTM(PFLENGTH)); 
PFLENGTH -(PFLENGTH-1); 

PROOF-CDR  PROOF; 

GO  A; 

END; 
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APPENDIX  6 

AUXILIARY  FUNCTIONS 


6  1  Predicates  on  Free  and  Bound  Occurrences  of  Varibles  on  Terms,  Awffs.  etc. 

EXPR  NOTBNDVT (V,TRM); 

BEGIN 

IF  ISIDENT(TRM)  THEN  RETURN  T; 

IF  ISAPPLTERM(TRM)  THEN  RETURN  (NOTBNDVT(V,FNOF(TRM;)a 

NOTBNDVT  (V.ARGOF(TRM))); 

IF  ISCONDTERM(TRM)  THEN  RETURN  (NOTBNDVT(V,PREDOF(TRW))a 

NOTBNDVT  (V,TRUCASOF(TRW))a 
NOTBNDVT  (V,FALCASOF(TRM)>); 

IHISLAWBDATERM(TRM)  v  ISMUTERM(TRM)) 

THEN  (IF  EQ(BVAROF(TRW),V)  THEN  RETURN  NIL 

ELSE  RETURN  NOTBNDVT (V.MATRIXOF(TRM))); 

END; 


EXPR  BOUNDV(VJRM);  'NOTBNDVT (V,TRM); 

EXPR  NOTFRVT(V.TRM); 

BEGIN 

IF  ISAPPLTERM(TRM)  THEN  RETURN  (NOTFRVT(V,FNOF(TRM))aNOTFRVT(VpARGOFOPM))); 
IF  ISCONDTERM(TRM)  THEN  RETURN  (NOTFRVT(V,PREDOF(TRM))  a 

NOTFRVT(V,TRUCASOF(TRM))  a 
NOTFRVT(V,FALCASOF(TRW))); 

IF  ISLAMBDATERM(TRM)  v  ISMUTERM(TRM) 

THEN  RETURN  (EQ(V,BVAROF(TRM))  v  NOTFRVT(V,MATRIXOF(TRM))); 

RETURN(  ■'EO(V.TRM)); 

END; 

EXPR  FREEV(V.TRM);  ('NOTFRVT(VJRM)); 

EXPR  NOTFRVW(V.WF); 

IF  EMPTY(WF)  THEN  T 
ELSE  NOTFRVT(V,FSTERMOF(FSTOF(WF)))  a 
NOTFRVT(V,SNTERMOF(FSTOF(WF)))  A 
NOTFRVW(V,RMDR(WF)); 

EXPR  NOTFREE(V.LN); 

IF  EMPTY(LN)  THEN  T  ELSE 

(IF  NOTFRVW(V,WFFOF(F$TOF(LN)))  THEN  NOTFREE(V,RMDR(LN))); 

EXPR  ISFREEroRT(X,V,TRM); 

BEGIN 

IF  IStDENT (TRM)  THEN  RETURN  T; 

IF  ISAPPLTERM(TRM)  THEN  RETURN  ISFREEFORT(X,V,FNOF(TRM))a 
ISFREEFORT(X,V,ARGOF(TRM)); 

IF  ISCONDTERM(TRM)  THEN  RETURN  I$FREEFORT(X,V,PREDOF(TRM))a 
ISFREEFORT(X,V,TRUCASOF(TRM))  a 
ISFREEFORT(X,V,FALCASOF(TRM))  ; 
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IF  ISLAMBDATERM(TRM)  v  ISMUTERM(TRM)  THEN 

IF  EQ(V  BVAROF(TRM))  v  FREEV(BVAROF(TRM),X)  THEN  RETURN  NIL 
ELSE  RETURN  l$FREEFORT(X,V,MATRIXOF(TRM)); 

END; 


EX°R  ISFREEFORW(X,V,WF); 

IF  EMPTY(WF)  THEN  T 

ELSE  ISFREEFORT(X,V,FSTERMOF(FSTOF(WF)))  a 
ISFREEFORT|X,V,SNTERMOF(F3TOF{WF)))  t 
ISFREEFORW(X,V,RMDR(WF)); 


6  2  Miscellaneous  Functions  Used  in  1NCL,  CUT,  CASES,  SHOW 
EXPR  PICKUP(WF,N); 

IF  EQ(N.l)  THEN  <FSTOF(WF)>  ELSE  PICKUP(RMDR(WF),N-I ); 

EXPR  INCLTEST(LN.WF); 

BFGIN 

IF  EMPTY(LN)  THEN  RETURN(T); 

IF  TESTM(WFFOF(FSTOF(LN)),WF'  THEN  RETURN(INCLTEST(RMDR(LN),WF)); 
END; 

EXPR  TESTM(VVF  I , WF 2 ); 

IF  EMPTY(WFI )  THEN  T 

ELSE  MEMBER(FSTOF(WFI),WF2)  a  TESTM(RMOR(WFI  ),WF2); 

EXPR  TESTCASES(LNI,LN21LN3,TRM); 

TESTCIMKWFFCTsJRM.'TTKLNI )  a 
TESTC(MKAWF ('?=,TRM,'UU),LN2)  a 
TESTC(MKAWF('?*,TRM,'FF),LN3); 

EXPR  TESTC(WF,LN); 

IF  EMPTY(LN)  THEN  NIL  ELSE 

IF  EQUAL(WF,WFFOF(FSTOF(LN)))  THEN  T 
ELSE  TESTC(WF,RMDR(LN)); 

EXPR  FIND(LN,TRMI  ,TRM2); 

IF  EMPTY(LN)  THEN  NIL  ELSE 

IF  EQUAL(MKWFF('?s,TRMI,TRM2),WFFOF(FSTOF(LN))) 

THEN  FSTOF(LN)  ELSE  FIND(RMDR(LN),TRMI  ,TRM2); 

EXPR  REMOVE(LN.N); 

IF  EO(LN.NIL)  THEN  NIL  ELSE 

(IF  EQ(N,FSTOF(LN))  THEN  RMDR(LN) 

ELSE  (FSTOF(LN)  CONS  REMOVE(RMDR(LN),N))>; 

EXPR  OPT(X); 

IF  X  THEN  X  ELSE  T; 


6.3 


Conversion  and  Substitution  Routines 
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EXPR  CONVT(TRM); 

BEGIN  NEW  BV.MAS.MA.FNEW; 

IF  ISIDENT(TRM)  THEN  RETURN  TRM; 

IF  ISCONDTERM(TRM)  THEN  RETURN  WKCONDTERM(CONVT (PREDOF (TRM)), 
CONVT(TRUCASOF(TRM)),CONVT(FALCASOF(TRM))); 

IF  ISLAMBDATERM(TRM)  THEN  RETURN  MKLAMBDATERM(BVAROF(TRM),CONVT(MATRIXOF(TRM))); 
IF  ISMUTERM(TRM)  THEN  RETURN  MKWUTERM(B VAROF (TRM).CONVT (MATRIXOF (TRM))); 

IF  ISAPPLTERM(TRM)  THEN 

(IF  ISLAMBDATERM(FNOF(TRM)) 

THEN  BV-8VAR0F(FN0F(TRM)) 

ALSO  MA-MATRIXOF(FNOF(TRM)) 

ALSO  MAS-SUB$TG(MA,CONVT(ARGOF(TRM)),BV) 

ALSO  RETURN  IF  EQUAL(MA,MAS)  THEN  TRM  ELSE 
CONVT(MAS) 

ELSE  RETURN  IF  ISLAMBDATERM(FNEW*-CONV7(FNOF(TRM)))  THEN 
CONVT(MKAPPLTERM(FMEW,CONVT(ARGOF(TRM)))) 

ELSE  MKAPPLTERM(FNEW,CONVT(ARGOF(TRM)))); 

END; 

EXPR  SUBSTGfTRM.X.Vl); 

BEGIN 

IF  ISIDENT(TRM)  a  EQ(TRM,VI)  THEN  RETURN  X; 

IF  ISIDENT(TRM)  THEN  RETURN  TRM; 

IF  ISAPPLTERM(TRM)  THEN  RETURN  MX APPLTERM(SUB STG(FNOF (TRM),X,V  1 ), 

SUBSTG(ARGOF(TRM),X,VI )); 

IF  ISCONDTERM(TRM)  THEN  RETURN  MKCONDTERM($UBSTG(PREDOF(TRM),X,Vl ), 

SUBSTG(TRUCASOF(TRM),X,VI ), 

SUBSTG(FALCASOF(TRM),X,Vl )); 

IF  ISLAMBDATERM(TRM) 

THEN  RETURN  (IF  EQ(V  I  .BVAROF(TRM))  v  FREEV(BVAROF(TRM),X) 

THEN  TRM 

ELSE  MKLAMBDATERM(BVAROF(TRM),SUBSTG(MATRIXOF(TRM),X,Vl ))); 

IF  ISMUTERM(TRM) 

THEN  RETURN  (IF  EQ(V  1  .BVAROF (TRM))  v  FREEV(BVAROF (TRM),X) 

THEN  TRM 

ELSE  MKMUTERM(BVAROF(TRM),SUBSTG(MATRIXOF(TRM),X,VI ))); 

END; 


EXPR  ACONV(TRM,V  1  ,V2:X); 

BEGIN 

IF  NOTBNDVT(V2,TRM)  THEN  RETURN  TRM; 

IF  ISCONDTERM(TRM)  THEN  BEGIN 

IF  BOUND  V(V2, PREDOF  (TRM))  THEN  RETURN  MKCONDTERM(ACONV  (PREDOF  (TRM),V  1  ,V2 ), 

TRUCASOF(TRM),FALCASOF(TRM)); 

IF  BOUNDV(V2,TRUC.ASOF (TRM))  THEN  RETURN  MKCONDTERM(PREDOF (TRM), 
ACONV(TRUCASOF(TRM),Vl,V2),FALCASOF(TRM)); 

IF  BOUNDV(V2,FALCASOF(TRM))  THEN  RETURN  MKCONDTERM(PREDOF(TRM), 
TRUCASOF(TRM)(ACONV(FALCASOF(TRM),VI,V2));END; 

IF  (SAPPLTERM(TRM)  a  BOUNDV(V2,FNOF(TRM)) 

THEN  RETURN  MKAPPLTERM(ACONV(FNOF(TRM),Vl,V2),ARGOF(TRM)); 

IF  ISAPPLTERM(TRM) 

THEN  RETURN  MKAPPLTERM(FNOF(TRM),ACONV(ARGOF(TRM),Vl,V2)); 

IF  ISLAMBDATERM(TRM)  a  EQ(V2,BVAROF(TRM)) 

THEN  RETURN  (IF  FREEV(V  I  .MATRIXOF (TRM))  v 

EQUAL(X-SUBSTG(MATRIXOF(TRM),Vl,V2),MATRIXOF(TRM)) 

THEN  TRM 
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ELSE  MKLAMBDATERM(V I  ,X)); 

IF  ISLAWBDATEPM(TRW) 

THEN  RETURN  MKLAMBDATERM(BVAROF(TRM),ACONV(MATRIXOF(TRM),VI ,V2)); 
IF  ISMUTERM(TRM)  a  EQ(V2,BVAR0F(TRM)) 

THEN  RETURN  (IF  FREEV(V1  .MATRIXOF(TRM))  v 

EQUAL(X-SUB$TG(MATRIXOF(TRM),V!,V2),MATRIXOF(TRW)) 

THEN  TRM 

ELSE  MKMUTERM(VI,X)); 

IF  ISMUTERM(TRM) 

THEN  RETURN  MKMUTERM(BVAROF(TRM),ACONV(MATRIXOF(TRM),Vl,V2)); 

END; 


EXPR  SUBW(AWF  I  ,AWF2,N); 

BEGIN  NEW  TRMI.TRM2; 

SUBCOUNT-N; 

TRM  I  -DOSUBST(FSTERMOF(AWFI  ),SNTERMOF(AWF2),FSTERMOF(AWF2)); 
TRM2-0F  EQ($UBCOUNT,C)  THEN  SNTERMOF(AWFI ) 

ELSE  DOSUBST (SNTERMOF(AWFl  ),SNTERMOF(AWF2),FSTERMOF(AWF2))); 
RETURN  MKWFF (RELOF(AWF !  ),TRM  1  ,TRM2); 

END; 


EXPR  SUBSTTT(TRM1  ,TRM2,TRM3,N); 
BEGIN 

SUBCOUNT-N; 

RETURN  DOSUBST(TRM!,TRM2tTRM3); 
END; 


EXPR  DOSUBST(TRMI  JRM2.TRM3); 

BEGIN  NEW  AUXI.AUX2.AUX3; 

IF  EQUAL(TRM1  ,TRM3)  THEN  (SUBCOUNT-SUBCOUNT- 1 )  ALSO 
(IF  EQ(SUBCOUNT.O)  THEN  RETURN  TRM2  ELSE  RETURN  TRM1 ); 

IF  ISIDENT (TRM  1 )  THEN  RETURN  TRMI ; 

IF  ISCONDTERM(TRMI)  THEN 

AUX  I  -DOSUBST (PREDOF(TRMl  ),TRM2,i  RM3)  ALSO 
AUX 2— (IF  EO(SUBCOUNT.O)  THEN  TRUCASOF(TRM  1 ) 

ELSE  DOSUBST(TRUCASOF(TRM1),TRM2,TRM3))  ALSO 
AUX3-(IF  EQ(SUBCOUNT.O)  THEN  FALCASOF(TRMI ) 

ELSE  DOSUBST (FALCASOF(TRM I  ),TRM2,TRM3))  ALSO 
RETURN  MKCONDTERM(AUX  I  ,AUX2,AUX3); 

IF  ISAPPLTERM(TRMl)  THEN 

AUX  I  -DOSUBST(FNOF(TRM  I  ),TRM2,TRM3)  ALSO 
AUX2-0F  EO(SUBCOUNT.O)  THEN  ARGOF(TRMI) 

ELSE  DOSUBST(ARGOF(TRM1),TRM21TRM3))  ALSO 
RETURN  MKAPPLTERM(AUX  I  ,AUX2); 

IF  ISLAMBDATERM(TRMI)  v  ISMUTERM(TRM1 )  THEN 

IF  FREEV(BVAROF(TRMI  ),TRM2)  v  FREEV(BVAROF(TRMl  ),TRM3)  THEN 
RETURN  TRMI  ELSE  RETURN 
(IF  ISLAMBDATERM(TRMI) 

THEN  MKLAMBDATERM(BVAROr(TRMl  ),DOSUBST(MATRIXOF(TRMI  ),TRM2,TRM3)) 
ELSE  MKMUTERM(BVAROF(TRMI  ;,DO$UBST(MATRIXOF(TRMI  ),TRM2,TRM3))); 


END; 
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APPENDIX  7 

MANIPULATION  OF  THE  DATA  STRUCTURE 


7.1  Constructors 

EXPR  MKCCNDTERM(PR ,TC,FC);  (7!C0ND  CONS  PR  CONS  TC  CONS  FC); 
EXPR  MKAPPLTERM(FN,ARG);  (71APPLY  CONS  FN  CONS  ARG); 

EXPR  MKLAMBDATERM(V,TRM);  (7ILAMBDA  CONS  V  CONS  TRM>; 

EXPR  MKMUTERM(V,TRM';  (’T!MU  CONS  V  CONS  TRW); 

EXPR  MKAWF(X,Y,Z);  (X  CONS  Y  CONS  Z); 

EXPR  MKWFF(X,Y,Z);  <(X  CONS  Y  CONS  Z)>; 

EXPR  MKPROOFSTEP(X,Y,Z);IF  EQ(Y,'NODEP)  THEN  <X,NIL,Z>  ELSE  <X,Y,Z>; 
EXPR  REASON(X,Y);(X  CONS  Y); 

7.2  Selectors 

EXPR  PREDOF(TRM);  CADR  TRM  ; 

EXPR  TRUCASOF(TRM);  CADDR  TRM  ; 

EXPR  FALCASOF(TRM);  CDDDR  TRM  ; 

EXPR  DEPOF(X:P);  BEGIN  P*-SEARCH(X,PROOF);RETURN(P[3]);END; 

EXPR  RELOF(X);  CAR  X; 

EXPR  FSTERMOF(X);  CADR  X; 

EXPR  SNTERMOF(X);  CDDR  X; 

EXPR  AWFFOF(X);  (CAR  WFFOF(X)); 

EXPR  WFFOF(X:P);  BEGIN  P*-jEARCH(X, PROOF);  RETURN(  P[<.]);END; 
EXPR  FSTOF(X);  CAR  X  ; 

EXPR  RMDR(X);  CDR  X  ; 

EXPR  FNOF(X);CADR  X; 
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EXPR  ARGOF(X);  CDDR  X; 
EXPR  BVAROF(X);  CADR  X; 
EXPR  MATRIXOF(X);  CDDR  X; 


> 


7.3  Predicates 

EXPR  ISEQUIVAWFF(AWF);  EQ(RELOF(AWF),'?«); 

EXPR  ISLTAWFF(AWF); 

EQ{RELOF(AWF),'?c); 

EXPR  ISINCL(N.WF); 

(LNT(WF)>N): 

EXPR  ISTTCOND(TRM); 

EQtPREDC  r'(TRM),'TT); 

EXPR  ISFFCOND(TRM); 

EQtPREDOFiTRMVFF); 

EXPR  ISUUCONO(TRM); 

EQ(PREDOF  (TRM),'UU); 

EXPR  ISPROOFSTEP(L); 

(PFLENGTH>L); 

EXPR  EMPTY(X); 

EQ(X.NIL); 

EXPR  ISLINE(X); 

->(ATOM(X)); 

EXPR  ISIDENT(X); 

ATOM(X); 

EXPR  ISAPPLTERM(TRM);  EQ((CAR  TRM)/?!APPLY); 

EXPR  ISCONDTERM(TRM);  EQ((CAR  TRM),  7IC0N0  ); 

EXPR  ISLAMBDATERM(TRM);  EQ((CAR  TRM)  ,'?!LAMBDA); 

EXPR  ISMUTERM(TRM);  EQ((CAR  TRM),  7!MU); 

7.4  Miscellaneous  Functions 


EXPR  UNIONOF(LNl,LN2); 

BEGIN 

IF  EQ(LN1  ,'NODEP)  v  EQ(LNl.NIL)  THEN  RETURN  LN2; 

IF  EQ(LN2,’NODEP)  v  EQCLN2.NIL)  THEN  RETURN  LN1; 

IF  MEMQ((CAR  LN1>,LN2)  THEN  RETUR.I(UNIONOF((CDR  LN1  ),LN2)) 

ELSE  RETURN((CAR  LN1)  CONS  (UNIONOFUCDR  LN1),LN2))); 

END; 


EXPF  UNIONW1WF1.WF2); 

IF  EQUAL(WF1,NIL)  THEN  WF2  EuSE 
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(IF  MEMBER((CAR  WF1),WF2)  THEN  UNIONW((CDR  WF1),WF2) 

ELSE  ((CAR  WF1)  CONS  UN!ONW((CDR  WF1),WF2))); 

EXPR  ADDLINE(X); 

BEGIN  PFLENGTH  «-  PFl.ENGTH  •  I; 

PROOF«-((PFLENGTH  CONS  X)  CONS  PROOF);  END; 

CYPR  CCADPU/y  p\. 

IF  EQ(P[1 ,1  ]',X)  THEN  P[l]  ELSE  SEARCH(X,(CDR  P)); 

EXPR  LNT(X); 

IF  EQ((CDP  X),NIL)  THEN  1  ELSE  (LNT(CDR  X)  *  1); 

EXPR  SUBWV(WF,X,V:FS); 

IF  EQ(WF,NIL)  THEN  NIL  ELSE 

(MKAWF(REI,OF(FS-FSTERMOF(WF)),SUBSTG(FSTERMOF(FS)1X,V), 
SUBSTG(SNTERMOF(FS),X,V))  CONS  SUBWV(RMOR(WF),X(V)); 


> 
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INDEX 


In  this  index  all  the  functions  appearing  in  the  program  are  listed  in  alphabetic  order  Each  name 
is  followed  by  the  number  of  the  appendix  where  the  function  is  defined. 


ABSTR 

4 

abstrsem 

4 

ACONV 

6.3 

AC0NVSEM1 

4 

AC0NVSEM2 

4 

ADDLINE 

7.4 

APPL 

4 

APPLSEm 

4 

APPLSEM2 

4 

argof 

7.2 

ASSUME 

4 

ASSUMESEM 

4 

AUFF 

1.4 

AUFFOF 

7.2 

B40L1NE 

2 

POUNDV 

6.1 

BVAROF 

7.2 

CANCEL 

S 

CANCELSEM 

5 

CASES 

4 

CASESSEM 

4 

CHECK 

1.4 

COLON 

1.4 

COMMA 

1.4 

CONOF 

4 

CONOFSEM 

4 

CONOT 

4 

CONDTERM 

1.4 

CONOTSEM 

4 

CONOU 

4 

CONOUSEM 

4 

CONJ 

4 

CONJSEM 

4 

CONV 

4 

CONVSEM1 

4 

C0NVSEM2 

4 

CONVT 

6.3 

CUT 

4 

CUTSEM 

4 

de 1  scan 

1.2 

DEPOF 

7.2 

OOLLAR 

1.4 

OOSUBST 

6.3 
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EMPTY 

7.3 

ETACONV 

4 

ETACONVSEM 

4 

EQUIV 

4 

EQUIVSEM 

4 

FALCASOF 

7.2 

FETCH 

5 

FETCHSEM 

5 

FIND 

G.2 

FI  XP 

4 

FIXPSEM 

4 

f  1  ush 

1.3 

FNOF 

7.2 

FREEV 

6.1 

FSTERMOF 

7.2 

FSTOF 

7.2 

HALF 

4 

HALFSEM 

4 

IDENT 

1.4 

i  dscan 

1.2 

INCL 

4 

INCLSEM 

4 

INCLTEST 

6.2 

INDUCT 

4 

INOUCTSEM 

4 

IN1T 

2 

ISAPPLTERM 

7.3 

ISCONDTERM 

7.3 

isequivauff 

7.3 

ISFFCCNO 

7.3 

I 5FREEFORT 

6.1 

ISFREEFORU 

6.1 

I S I  DENT 

7.3 

ISINCL 

7.3 

ISLAMBDATERM  7.3 

1SL1NE 

7.3 

ISLTAUFF 

7.3 

'SMUTERM 

7.3 

1SPROOFSTEP 

7.3 

ISTTCOND 

7.3 

ISUUCOND 

7.3 

1 ambda 

1.4 

lambdaterm 

1.4 

LCFINIT 

2 

lcfproof 

2 

LINE 

2 

LNT 

7.4 

LPAR 

1.4 

lspinit 

2 

lsqbracket 

1.4 

MATRi XOF 

7.2 

nKAPPLTERfl 

7.1 

a 
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MKAUFF 

7.1 

MKCONOTERM 

7.1 

mklambdaterm 

7.1 

MKMUTERM 

7.1 

MKPROOFSTEP 

7.1 

MINI 

4 

M1N2 

4 

MKUFF 

7.1 

MIN'SEM 

4 

MIN2SEM 

4 

mu 

1.4 

("UTERM 

1.4 

next  t 

1.3 

nextv 

1.3 

NOTPNDVT 

G.l 

NOTFHtE 

6.1 

NOTFRVT 

6.1 

NOTFRVU 

6.1 

NUMBER 

1.4 

numscan 

1.2 

OPT 

6.2 

peekt 

1.3 

peekv 

1.3 

PER  1 00 

1.4 

PICKUP 

6.2 

PREDOF 

7.2 

PRINTAUFF 

3 

PRINTLINE 

3 

PRINTLST 

3 

PRINTM 

3 

PRINTMES 

3 

PRINTNEUL1NE 

3 

RARROU 

1.4 

readl i st 

1.2 

REASON 

7.1 

REFL1 

4 

REFL2 

4 

REFllSEtl 

4 

REFL2SEf1 

4 

REL 

1.4 

RELOF 

7.2 

RMOR 

7.2 

REMOVE 

6.2 

RESUME 

2 

RPAR 

1.4 

RSQBRACKET 

1.4 

SC 

1.4 

scan 

1.2 

SCNINIT 

2 

SEARCH 

7.4 

setup 

1.2 

SHOU 

S 
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SHOUSEN 

5 

SINPLETERM 

1.4 

SNTERNOF 

7.2 

SYH 

k 

SYMSEM 

4 

SUB5T 

4 

SUBSTG 

G.  3 

SUBSTSEHl 

4 

SUBSTSEn2 

4 

SUBSTTT 

G.  3 

SUBU 

G.3 

SUBUV 

7.4 

TEST 

G.2 

TESTLASES 

G.  2 

TESTH 

G.2 

TERN 

1.4 

token 

1.3 

tokent 

1.3 

tokenv 

1.3 

TRANS 

4 

TRANSSEN 

4 

TRUCASOF 

7.2 

tstack 

1.3 

UNIONOF 

7.4 

UNIONU 

7.4 

VALUE 

1.4 

UFF 

1.4 

UFFOF 

7.2 

